Cross-reference for D3FEND™ - A knowledge graph of cybersecurity countermeasures classes, object properties and data properties

This section provides details for each class and property defined by D3FEND™ - A knowledge graph of cybersecurity countermeasures.

Classes

.bash_profile and .bashrc

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.004

has super-classes
Event Triggered Execution c
is also defined as
named individual

/etc/passwd and /etc/shadow

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.008

has super-classes
OS Credential Dumping c
is also defined as
named individual

Abuse Elevation Control Mechanism

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548

has super-classes
Defense Evasion Technique c, Privilege Escalation Technique c
has sub-classes
Bypass User Access Control c, Elevated Execution with Prompt c, Setuid and Setgid c, Sudo and Sudo Caching c

Academic Article

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AcademicArticle

has super-classes
Article c
has sub-classes
Conference Paper c, Journal Article c

Academic Paper Reference

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AcademicPaperReference

has super-classes
Technique Reference c
has members
Reference - Analysis of the Windows Vista Security Model - Symantec Corporation ni, Reference - Continuous authentication by analysis of keyboard typing characteristics - Bradford Univ., UK ni, Reference - Dagger: Modeling and visualization for mission impact situational awareness ni, Reference - Dead code elimination ni, Reference - Detecting DDoS Attack Using Snort ni, Reference - Enhancing Network Security By Preventing User-Initiated Malware Execution - MITRE ni, Reference - Firmware Behavior Analysis ConFirm ni, Reference - Firmware Behavior Analysis VIPER ni, Reference - Firmware Embedded Monitoring Code Symbiotes ni, Reference - Indirect Branching Calls ni, Reference - Mission Dependency Modeling for Cyber Situational Awareness ni, Reference - Network-Based Buffer Overflow Detection by Exploit Code Analysis - Information Security Research Centre ni, Reference - Network-level polymorphic shellcode detection using emulation ni, Reference - Predicting Domain Generation Algorithms with Long Short-Term Memory Networks ni, Reference - Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords ni

Access Control Configuration

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AccessControlConfiguration

has super-classes
Configuration Resource c
has sub-classes
Access Control List c, Group Policy c
is also defined as
named individual

Access Control List

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AccessControlList

Is defined by
http://dbpedia.org/resource/Access-control_list
has super-classes
Access Control Configuration c

Access Modeling

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AccessModeling

has super-classes
Operational Activity Mapping c
is also defined as
named individual

Access Token

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AccessToken

has super-classes
Credential c
has sub-classes
Kerberos Ticket c, Ticket Granting Ticket c
has members
Token Impersonation/Theft ni
is also defined as
named individual

Access Token Manipulation

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134

has super-classes
Defense Evasion Technique c, Privilege Escalation Technique c
has sub-classes
Create Process with Token c, Make and Impersonate Token c, Parent PID Spoofing c, SID-History Injection c, Token Impersonation/Theft c

Accessibility Features

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1015

has super-classes
Persistence Technique c, Privilege Escalation Technique c

Accessibility Features

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.008

has super-classes
Event Triggered Execution c
is also defined as
named individual

Account Access Removal

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1531

has super-classes
Impact Technique c
is also defined as
named individual

Account Discovery

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087

has super-classes
Discovery Technique c
has sub-classes
Email Account c

Account Locking

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AccountLocking

has super-classes
Credential Eviction c
is also defined as
named individual

Account Manipulation

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098

has super-classes
Persistence Technique c
has sub-classes
Add Office 365 Global Administrator Role c, Additional Azure Service Principal Credentials c, Device Registration c, Exchange Email Delegate Permissions c, SSH Authorized Keys c
is also defined as
named individual

Acquire Infrastructure

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1583

has super-classes
Resource Development Technique c
has sub-classes
Botnet c, DNS Server c, Domains c, Server c, Virtual Private Server c, Web Services c

Active Certificate Analysis

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ActiveCertificateAnalysis

has super-classes
Certificate Analysis c
has members
Active Certificate Analysis ni
is also defined as
named individual

Active Logical Link Mapping

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ActiveLogicalLinkMapping

has super-classes
Logical Link Mapping c
is also defined as
named individual

Active Physical Link Mapping

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ActivePhysicalLinkMapping

has super-classes
Physical Link Mapping c
is disjoint with
Passive Physical Link Mapping c
is also defined as
named individual

Active Scanning

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1595

has super-classes
Reconnaissance Technique c
has sub-classes
Scanning IP Blocks c, Vulnerability Scanning c, Wordlist Scanning c

Active Setup

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.014

has super-classes
Boot or Logon Autostart Execution c

Activity

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Activity

has super-classes
D3FEND Thing c
has sub-classes
Organizational Activity c

Activity Dependency

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ActivityDependency

has super-classes
Dependency c

Add Office 365 Global Administrator Role

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.003

has super-classes
Account Manipulation c
is also defined as
named individual

Add-ins

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.006

has super-classes
Office Application Startup c
is also defined as
named individual

Additional Azure Service Principal Credentials

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.001

has super-classes
Account Manipulation c
is also defined as
named individual

Address Space

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AddressSpace

Is defined by
https://dbpedia.org/page/Address_space
has super-classes
Digital Artifact c
has sub-classes
Memory Address Space c

Admin Feature Assessment

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AdminFeatureAssessment

has super-classes
Feature Assessment c

Admin Feature Claim

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AdminFeatureClaim

has super-classes
Capability Feature Claim c

Administrative Feature

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AdministrativeFeature

has super-classes
Capability Feature c

Administrative Network Activity Analysis

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AdministrativeNetworkActivityAnalysis

has super-classes
Network Traffic Analysis c
is also defined as
named individual

Administrative Network Traffic

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AdministrativeNetworkTraffic

has super-classes
Network Traffic c
has sub-classes
Intranet Administrative Network Traffic c
is also defined as
named individual

Agent

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Agent

has super-classes
D3FEND Catalog Thing c
has sub-classes
Organization c, Person c

Alias

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Alias

Is defined by
http://dbpedia.org/resource/Alias_(Mac_OS)
has super-classes
Slow Symbolic Link c

Allocate Memory

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AllocateMemory

has super-classes
System Call c
is also defined as
named individual

Analysis of Alternatives

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AnalysisOfAlternatives

has super-classes
D3FEND Catalog Thing c

Analytic Latency

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AnalyticLatency

has super-classes
Latency c
has members
non-real-time-analytic ni, real-time-analytic ni

AppCert DLLs

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1182

has super-classes
Persistence Technique c, Privilege Escalation Technique c

AppCert DLLs

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.009

has super-classes
Event Triggered Execution c
is also defined as
named individual

AppInit DLLs

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1103

has super-classes
Persistence Technique c, Privilege Escalation Technique c

AppInit DLLs

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.010

has super-classes
Event Triggered Execution c
is also defined as
named individual

AppleScript

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1155

has super-classes
Execution Technique c

AppleScript Execution

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.002

has super-classes
Command and Scripting Interpreter Execution c

Appliance

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Appliance

has super-classes
Product c

Application

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Application

has super-classes
Software c
has sub-classes
Client Application c, Password Manager c, Service Application c, User Application c
is also defined as
named individual

Application Access Token

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1527

has super-classes
Defense Evasion Technique c, Lateral Movement Technique c

Application Access Token

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.001

has super-classes
Use Alternate Authentication Material c
is also defined as
named individual

Application Configuration

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationConfiguration

has super-classes
Configuration Resource c
has sub-classes
Application Configuration Database Record c, Application Process Configuration c, Application Rule c, Process Environment Variable c
is also defined as
named individual

Application Configuration Database

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationConfigurationDatabase

has super-classes
Configuration Database c
has sub-classes
Shim Database c
is also defined as
named individual

Application Configuration Database Record

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationConfigurationDatabaseRecord

has super-classes
Application Configuration c, Configuration Database Record c
is also defined as
named individual

Application Configuration File

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationConfigurationFile

has super-classes
Configuration File c
has sub-classes
Compiler Configuration File c
is also defined as
named individual

Application Configuration Hardening

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationConfigurationHardening

has super-classes
Application Hardening c
is also defined as
named individual

Application Deployment Software

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1017

has super-classes
Lateral Movement Technique c

Application Exhaustion Flood

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1499.003

has super-classes
Endpoint Denial of Service c

Application Hardening

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationHardening

has super-classes
Defensive Technique c
has sub-classes
Application Configuration Hardening c, Dead Code Elimination c, Exception Handler Pointer Validation c, Pointer Authentication c, Process Segment Execution Prevention c, Segment Address Offset Randomization c, Stack Frame Canary Validation c
has members
Application Configuration Hardening ni, Dead Code Elimination ni, Exception Handler Pointer Validation ni, Pointer Authentication ni, Process Segment Execution Prevention ni, Segment Address Offset Randomization ni, Stack Frame Canary Validation ni
is also defined as
named individual

Application Installer

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationInstaller

has super-classes
User Application c
is also defined as
named individual

Application Inventory Sensor

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationInventorySensor

has super-classes
Endpoint Sensor c
is also defined as
named individual

Application Layer Firewall

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationLayerFirewall

Is defined by
http://dbpedia.org/resource/Application_firewall
has super-classes
Firewall c
has sub-classes
Web Application Firewall c

Application Layer Protocol

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071

has super-classes
Command and Control Technique c
has sub-classes
DNS c, File Transfer Protocols c, Mail Protocols c, Web Protocols c
is also defined as
named individual

Application or System Exploitation

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1499.004

has super-classes
Endpoint Denial of Service c

Application Process

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationProcess

has super-classes
User Process c
has sub-classes
Container Process c, Script Application Process c, Service Application Process c
is also defined as
named individual

Application Process Configuration

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationProcessConfiguration

has super-classes
Application Configuration c

Application Rule

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationRule

has super-classes
Application Configuration c
has sub-classes
Email Rule c

Application Shim

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationShim

has super-classes
Shim c

Application Shimming

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1138

has super-classes
Persistence Technique c, Privilege Escalation Technique c

Application Shimming

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.011

has super-classes
Event Triggered Execution c
is also defined as
named individual

Application Window Discovery

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1010

has super-classes
Discovery Technique c
is also defined as
named individual

Archive Collected Data

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1560

has super-classes
Collection Technique c
has sub-classes
Archive via Custom Method c, Archive via Library c, Archive via Utility c
is also defined as
named individual

Archive File

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ArchiveFile

has super-classes
File c
has sub-classes
Custom Archive File c, Java Archive c
is also defined as
named individual

Archive via Custom Method

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1560.003

has super-classes
Archive Collected Data c
is also defined as
named individual

Archive via Library

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1560.002

has super-classes
Archive Collected Data c
is also defined as
named individual

Archive via Utility

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1560.001

has super-classes
Archive Collected Data c
is also defined as
named individual

ARP Cache Poisoning

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1557.002

has super-classes
Man-in-the-Middle c

Article

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Article

has super-classes
Document c
has sub-classes
Academic Article c, News Article c

Artifact

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Artifact

has super-classes
D3FEND Thing c
has sub-classes
Digital Artifact c, Physical Artifact c, System c
is in domain of
may have weakness op
is in range of
d3fend-tactical-verb-property op, may be weakness of op

Artifact Server

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ArtifactServer

has super-classes
Web Server c
has sub-classes
Data Artifact Server c, Software Artifact Server c

AS-REP Roasting

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558.004

has super-classes
Steal or Forge Kerberos Tickets c

Assessment

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Assessment

Is defined by
http://wordnet-rdf.princeton.edu/id/05741528-n
has super-classes
D3FEND Catalog Thing c
has sub-classes
Capability Assessment c, Feature Assessment c, Portfolio Assessment c

Asset Inventory

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AssetInventory

has super-classes
Defensive Technique c
has sub-classes
Asset Vulnerability Enumeration c, Configuration Inventory c, Data Inventory c, Hardware Component Inventory c, Network Node Inventory c, Software Inventory c
has members
Asset Vulnerability Enumeration ni, Configuration Inventory ni, Data Inventory ni, Hardware Component Inventory ni, Network Node Inventory ni, Software Inventory ni
is also defined as
named individual

Asset Vulnerability Enumeration

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AssetVulnerabilityEnumeration

has super-classes
Asset Inventory c
is also defined as
named individual

Asymmetric Cryptography

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1573.002

has super-classes
Encrypted Channel c
is also defined as
named individual

Asymmetric Key

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AsymmetricKey

has super-classes
Cryptographic Key c
has sub-classes
Private Key c, Public Key c

Asynchronous Procedure Call

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.004

has super-classes
Process Injection c
is also defined as
named individual

At (Linux) Execution

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053.001

has super-classes
Scheduled Task/Job Execution c

At (Windows) Execution

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053.002

has super-classes
Scheduled Task/Job Execution c

ATTACK Mitigation

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ATTACKMitigation

has super-classes
ATTACK Thing c
has members
Account Use Policies ni, Active Directory Configuration ni, Antivirus/Antimalware ni, Application Developer Guidance ni, Application Isolation and Sandboxing ni, Audit ni, Behavior Prevention on Endpoint ni, Boot Integrity ni, Code Signing ni, Credential Access Protection ni, Data Backup ni, Disable or Remove Feature or Program ni, Do Not Mitigate ni, Encrypt Sensitive Information ni, Environment Variable Permissions ni, Execution Prevention ni, Exploit Protection ni, Filter Network Traffic ni, Limit Access to Resource Over Network ni, Limit Hardware Installation ni, Limit Software Installation ni, Multi-factor Authentication ni, Network Intrusion Prevention ni, Network Segmentation ni, Operating System Configuration ni, Password Policies ni, Pre-compromise ni, Privileged Account Management ni, Privileged Process Integrity ni, Remote Data Storage ni, Restrict File and Directory Permissions ni, Restrict Library Loading ni, Restrict Registry Permission ni, Restrict Web-Based Content ni, SSL/TLS Inspection ni, Software Configuration ni, Threat Intelligence Program ni, Update Software ni, User Account Control ni, User Account Management ni, User Training ni, Vulnerability Scanning ni

ATTACK Thing

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ATTACKThing

has sub-classes
ATTACK Mitigation c, Offensive Tactic c, Offensive Technique c

Audio Capture

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1123

has super-classes
Collection Technique c
is also defined as
named individual

Audio Input Device

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AudioInputDevice

has super-classes
Input Device c
is also defined as
named individual

Authenticate User

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticateUser

has super-classes
System Call c
is also defined as
named individual

Authentication

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Authentication

has super-classes
User Action c
has sub-classes
Web Authentication c
has members
Authentication ni
is also defined as
named individual

Authentication Cache Invalidation

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationCacheInvalidation

has super-classes
Credential Eviction c
is also defined as
named individual

Authentication Event Thresholding

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationEventThresholding

has super-classes
User Behavior Analysis c
is also defined as
named individual

Authentication Function

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationFunction

has super-classes
Subroutine c
is also defined as
named individual

Authentication Log

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationLog

has super-classes
Log c
is also defined as
named individual

Authentication Package

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1131

has super-classes
Persistence Technique c

Authentication Package

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.002

has super-classes
Boot or Logon Autostart Execution c
is also defined as
named individual

Authentication Server

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationServer

Is defined by
http://dbpedia.org/resource/Authentication_server
has super-classes
Server c

Authentication Service

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationService

has super-classes
Service Application Process c
has sub-classes
Local Authentication Service c, Remote Authentication Service c
is also defined as
named individual

Authorization

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Authorization

has super-classes
User Action c
has sub-classes
Cloud Service Authorization c
is also defined as
named individual

Authorization Event Thresholding

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthorizationEventThresholding

has super-classes
User Behavior Analysis c
is also defined as
named individual

Authorization Log

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthorizationLog

has super-classes
Log c
is also defined as
named individual

Authorization Service

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthorizationService

Is defined by
https://www.sciencedirect.com/referencework/9780122272400/encyclopedia-of-information-systems
has super-classes
Network Service c, Service Application Process c
has sub-classes
Local Authorization Service c, Remote Authorization Service c

Automated Collection

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1119

has super-classes
Collection Technique c
is also defined as
named individual

Automated Exfiltration

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1020

has super-classes
Exfiltration Technique c
has sub-classes
Traffic Duplication c
is also defined as
named individual

Barcode Scanner Input Device

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BarcodeScannerInputDevice

Is defined by
http://dbpedia.org/resource/Barcode_reader
has super-classes
Image Scanner Input Device c

Bash History

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1139

has super-classes
Credential Access Technique c

Bash History

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.003

has super-classes
Unsecured Credentials c
is also defined as
named individual

Bidirectional Communication

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1102.002

has super-classes
Web Service c

Binary Large Object

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BinaryLargeObject

Is defined by
http://dbpedia.org/resource/Binary_large_object
has super-classes
Digital Artifact c
has sub-classes
JavaScript Blob c

Binary Padding

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1009

has super-classes
Defense Evasion Technique c

Binary Padding

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.001

has super-classes
Obfuscated Files or Information c
is also defined as
named individual

Binary Segment

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BinarySegment

has super-classes
Digital Artifact c
has sub-classes
Image Segment c, Process Segment c

Biometric Authentication

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BiometricAuthentication

has super-classes
Credential Hardening c
is also defined as
named individual

BITS Jobs

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1197

has super-classes
Defense Evasion Technique c, Persistence Technique c
is also defined as
named individual

Blob

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Blob

Is defined by
http://dbpedia.org/resource/Binary_large_object
has super-classes
Digital Artifact c

Block Device

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BlockDevice

has super-classes
Digital Artifact c
is also defined as
named individual

Book Reference

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BookReference

has super-classes
Technique Reference c
has members
Reference - Organizational Management in SAP ERP HCM ni

Boot Loader

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BootLoader

has super-classes
Digital Artifact c
has sub-classes
First-stage Boot Loader c, Second-stage Boot Loader c
is also defined as
named individual

Boot or Logon Autostart Execution

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547

has super-classes
Persistence Technique c, Privilege Escalation Technique c
has sub-classes
Active Setup c, Authentication Package c, Kernel Modules and Extensions c, LSASS Driver c, Login Items c, Plist Modification c, Port Monitors c, Print Processors c, Re-opened Applications c, Registry Run Keys / Startup Folder c, Security Support Provider c, Shortcut Modification c, Time Providers c, Winlogon Helper DLL c, XDG Autostart Entries c

Boot or Logon Initialization Scripts

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037

has super-classes
Persistence Technique c, Privilege Escalation Technique c
has sub-classes
Logon Script (Mac) c, Logon Script (Windows) c, Network Logon Script c, Rc.common c, Startup Items c

Boot Record

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BootRecord

has super-classes
Record c
has sub-classes
Boot Sector c, Volume Boot Record c

Boot Sector

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BootSector

has super-classes
Boot Record c
is also defined as
named individual

Bootkit

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1067

has super-classes
Persistence Technique c

Bootkit

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542.003

has super-classes
Pre-OS Boot c
is also defined as
named individual

Bootloader Authentication

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BootloaderAuthentication

has super-classes
Platform Hardening c
is also defined as
named individual

Botnet

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1583.005

has super-classes
Acquire Infrastructure c

Botnet

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1584.005

has super-classes
Compromise Infrastructure c

Broadcast Domain Isolation

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BroadcastDomainIsolation

has super-classes
Network Isolation c
is also defined as
named individual

Browser

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Browser

has super-classes
User Application c
is also defined as
named individual

Browser Bookmark Discovery

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1217

has super-classes
Discovery Technique c

Browser Extension

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BrowserExtension

has super-classes
User Application c
is also defined as
named individual

Browser Extensions

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1176

has super-classes
Persistence Technique c
is also defined as
named individual

Brute Force

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110

has super-classes
Credential Access Technique c
has sub-classes
Credential Stuffing c, Password Cracking c, Password Guessing c, Password Spraying c

Build Image on Host

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1612

has super-classes
Defense Evasion Technique c

Build Tool

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BuildTool

has super-classes
Developer Application c
has sub-classes
Compiler c, Software Packaging Tool c

Business Communication Platform Client c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BusinessCommunicationPlatformClient

Is defined by
http://dbpedia.org/resource/Business_communication
has super-classes
Collaborative Software c

Business Relationships c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1591.002

has super-classes
Gather Victim Org Information c

Bypass User Access Control c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.002

has super-classes
Abuse Elevation Control Mechanism c
is also defined as
named individual

Bypass User Account Control c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1088

has super-classes
Defense Evasion Technique c, Privilege Escalation Technique c

Byte Sequence Emulation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ByteSequenceEmulation

has super-classes
Network Traffic Analysis c
is also defined as
named individual

CA Certificate File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CACertificateFile

has super-classes
Certificate File c

Cached Domain Credentials c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.005

has super-classes
OS Credential Dumping c
is also defined as
named individual

Call Stack c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CallStack

has super-classes
Digital Artifact c
is also defined as
named individual

Capability c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Capability

Is defined by
http://dbpedia.org/resource/Capability_(systems_engineering)
has super-classes
D3FEND Thing c

Capability Assessment c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CapabilityAssessment

has super-classes
Assessment c

Capability Feature c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CapabilityFeature

has super-classes
D3FEND Catalog Thing c
has sub-classes
Administrative Feature c, Defensive Technique c
is in range of
features op

Capability Feature Claim c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CapabilityFeatureClaim

has super-classes
Statement c
has sub-classes
Admin Feature Claim c, Defensive Technique Claim c
is in domain of
comments dp, features op

Capability Implementation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CapabilityImplementation

has super-classes
D3FEND Catalog Thing c
has sub-classes
Product c, Service c
is in domain of
implements op, operating-system dp
is in range of
implemented-by op

CAPEC Thing c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CAPECThing

has sub-classes
Common Attack Pattern c

Catalog c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Catalog

Is defined by
http://wordnet-rdf.princeton.edu/id/06499734-n
has super-classes
Information Content Entity c
has sub-classes
Control Catalog c

CCI Control c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCIControl

has super-classes
External Control c
has members
CCI-000015 ni, CCI-000016 ni, CCI-000017 ni, CCI-000018 ni, CCI-000020 ni, CCI-000022 ni, CCI-000025 ni, CCI-000027 ni, CCI-000029 ni, CCI-000030 ni, CCI-000032 ni, CCI-000034 ni, CCI-000035 ni, CCI-000037 ni, CCI-000040 ni, CCI-000044 ni, CCI-000047 ni, CCI-000056 ni, CCI-000057 ni, CCI-000058 ni, CCI-000060 ni, CCI-000066 ni, CCI-000067 ni, CCI-000068 ni, CCI-000071 ni, CCI-000139 ni, CCI-000143 ni, CCI-000144 ni, CCI-000162 ni, CCI-000163 ni, CCI-000164 ni, CCI-000185 ni, CCI-000186 ni, CCI-000187 ni, CCI-000192 ni, CCI-000193 ni, CCI-000194 ni, CCI-000195 ni, CCI-000196 ni, CCI-000197 ni, CCI-000198 ni, CCI-000199 ni, CCI-000200 ni, CCI-000205 ni, CCI-000213 ni, CCI-000218 ni, CCI-000219 ni, CCI-000226 ni, CCI-000346 ni, CCI-000352 ni, CCI-000374 ni, CCI-000381 ni, CCI-000382 ni, CCI-000386 ni, CCI-000417 ni, CCI-000663 ni, CCI-000764 ni, CCI-000765 ni, CCI-000766 ni, CCI-000767 ni, CCI-000768 ni, CCI-000771 ni, CCI-000772 ni, CCI-000774 ni, CCI-000776 ni, CCI-000804 ni, CCI-000831 ni, CCI-000877 ni, CCI-000880 ni, CCI-000884 ni, CCI-000888 ni, CCI-001009 ni, CCI-001019 ni, CCI-001067 ni, CCI-001069 ni, CCI-001082 ni, CCI-001083 ni, CCI-001084 ni, CCI-001085 ni, CCI-001086 ni, CCI-001087 ni, CCI-001089 ni, CCI-001090 ni, CCI-001092 ni, CCI-001094 ni, CCI-001096 ni, CCI-001100 ni, CCI-001109 ni, CCI-001111 ni, CCI-001115 ni, CCI-001117 ni, CCI-001118 ni, CCI-001124 ni, CCI-001125 ni, CCI-001127 ni, CCI-001128 ni, CCI-001133 ni, CCI-001144 ni, CCI-001145 ni, CCI-001146 ni, CCI-001147 ni, CCI-001150 ni, CCI-001166 ni, CCI-001169 ni, CCI-001170 ni, CCI-001178 ni, CCI-001185 ni, CCI-001199 ni, CCI-001200 ni, CCI-001210 ni, CCI-001211 ni, CCI-001233 ni, CCI-001237 ni, CCI-001239 ni, CCI-001242 ni, CCI-001262 ni, CCI-001297 ni, CCI-001305 ni, CCI-001310 ni, CCI-001350 ni, CCI-001352 ni, CCI-001356 ni, CCI-001368 ni, CCI-001372 ni, CCI-001373 ni, CCI-001374 ni, CCI-001376 ni, CCI-001377 ni, CCI-001399 ni, CCI-001400 ni, CCI-001401 ni, CCI-001403 ni, CCI-001404 ni, 
CCI-001405 ni, CCI-001414 ni, CCI-001424 ni, CCI-001425 ni, CCI-001426 ni, CCI-001427 ni, CCI-001428 ni, CCI-001436 ni, CCI-001452 ni, CCI-001453 ni, CCI-001454 ni, CCI-001493 ni, CCI-001494 ni, CCI-001495 ni, CCI-001496 ni, CCI-001499 ni, CCI-001555 ni, CCI-001556 ni, CCI-001557 ni, CCI-001574 ni, CCI-001589 ni, CCI-001619 ni, CCI-001632 ni, CCI-001662 ni, CCI-001668 ni, CCI-001677 ni, CCI-001682 ni, CCI-001683 ni, CCI-001684 ni, CCI-001685 ni, CCI-001686 ni, CCI-001695 ni, CCI-001744 ni, CCI-001749 ni, CCI-001762 ni, CCI-001764 ni, CCI-001767 ni, CCI-001774 ni, CCI-001811 ni, CCI-001812 ni, CCI-001813 ni, CCI-001855 ni, CCI-001858 ni, CCI-001936 ni, CCI-001937 ni, CCI-001941 ni, CCI-001953 ni, CCI-001954 ni, CCI-001957 ni, CCI-001991 ni, CCI-002005 ni, CCI-002009 ni, CCI-002010 ni, CCI-002015 ni, CCI-002016 ni, CCI-002041 ni, CCI-002145 ni, CCI-002165 ni, CCI-002169 ni, CCI-002178 ni, CCI-002179 ni, CCI-002201 ni, CCI-002205 ni, CCI-002207 ni, CCI-002211 ni, CCI-002218 ni, CCI-002233 ni, CCI-002235 ni, CCI-002238 ni, CCI-002262 ni, CCI-002263 ni, CCI-002264 ni, CCI-002272 ni, CCI-002277 ni, CCI-002281 ni, CCI-002282 ni, CCI-002283 ni, CCI-002284 ni, CCI-002289 ni, CCI-002290 ni, CCI-002302 ni, CCI-002306 ni, CCI-002307 ni, CCI-002308 ni, CCI-002309 ni, CCI-002322 ni, CCI-002346 ni, CCI-002347 ni, CCI-002353 ni, CCI-002355 ni, CCI-002357 ni, CCI-002358 ni, CCI-002359 ni, CCI-002361 ni, CCI-002363 ni, CCI-002364 ni, CCI-002381 ni, CCI-002382 ni, CCI-002384 ni, CCI-002385 ni, CCI-002394 ni, CCI-002397 ni, CCI-002400 ni, CCI-002403 ni, CCI-002409 ni, CCI-002411 ni, CCI-002420 ni, CCI-002421 ni, CCI-002422 ni, CCI-002423 ni, CCI-002425 ni, CCI-002426 ni, CCI-002460 ni, CCI-002462 ni, CCI-002463 ni, CCI-002464 ni, CCI-002465 ni, CCI-002466 ni, CCI-002467 ni, CCI-002468 ni, CCI-002470 ni, CCI-002475 ni, CCI-002476 ni, CCI-002530 ni, CCI-002531 ni, CCI-002533 ni, CCI-002536 ni, CCI-002546 ni, CCI-002605 ni, CCI-002607 ni, CCI-002613 ni, CCI-002614 ni, CCI-002617 ni, 
CCI-002618 ni, CCI-002630 ni, CCI-002631 ni, CCI-002661 ni, CCI-002662 ni, CCI-002684 ni, CCI-002688 ni, CCI-002689 ni, CCI-002690 ni, CCI-002691 ni, CCI-002710 ni, CCI-002711 ni, CCI-002712 ni, CCI-002715 ni, CCI-002716 ni, CCI-002717 ni, CCI-002718 ni, CCI-002723 ni, CCI-002724 ni, CCI-002726 ni, CCI-002729 ni, CCI-002740 ni, CCI-002743 ni, CCI-002746 ni, CCI-002748 ni, CCI-002749 ni, CCI-002771 ni, CCI-002824 ni, CCI-002883 ni, CCI-002890 ni, CCI-002891 ni, CCI-003014 ni, CCI-003123 ni

CDNs c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1596.004

has super-classes
Search Open Technical Databases c

Central Processing Unit c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CentralProcessingUnit

has super-classes
Processor c
is also defined as
named individual

Certificate c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Certificate

has super-classes
Digital Artifact c
is also defined as
named individual

Certificate Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CertificateAnalysis

has super-classes
Network Traffic Analysis c
has sub-classes
Active Certificate Analysis c, Passive Certificate Analysis c
has members
Active Certificate Analysis ni, Certificate Analysis ni, Passive Certificate Analysis ni
is also defined as
named individual

Certificate File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CertificateFile

has super-classes
File c
has sub-classes
CA Certificate File c
is also defined as
named individual

Certificate Pinning c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CertificatePinning

has super-classes
Credential Hardening c
is also defined as
named individual

Certificate Trust Store c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CertificateTrustStore

has super-classes
Trust Store c
is also defined as
named individual

Certificate-based Authentication c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Certificate-basedAuthentication

has super-classes
Credential Hardening c
is also defined as
named individual

Change Default File Association c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1042

has super-classes
Persistence Technique c

Change Default File Association c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.001

has super-classes
Event Triggered Execution c
is also defined as
named individual

Chatroom Client c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ChatroomClient

Is defined by
http://dbpedia.org/resource/Chat_room
has super-classes
Collaborative Software c

Child Process c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ChildProcess

Is defined by
http://dbpedia.org/resource/Child_process
has super-classes
Process c

Clear Command History c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.003

has super-classes
Indicator Removal on Host c
is also defined as
named individual

Clear Command History c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1146

has super-classes
Defense Evasion Technique c

Clear Linux or Mac System Logs c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.002

has super-classes
Indicator Removal on Host c
is also defined as
named individual

Clear Windows Event Logs c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.001

has super-classes
Indicator Removal on Host c
is also defined as
named individual

Client Application c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ClientApplication

has super-classes
Application c
is also defined as
named individual

Client Computer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ClientComputer

Is defined by
http://dbpedia.org/resource/Client_(computing)
has super-classes
Host c
has sub-classes
Embedded Computer c, Personal Computer c, Shared Computer c

Client Configurations c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1592.004

has super-classes
Gather Victim Host Information c

Client-server Payload Profiling c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Client-serverPayloadProfiling

has super-classes
Network Traffic Analysis c
is also defined as
named individual

Clipboard c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Clipboard

has super-classes
Digital Artifact c
is also defined as
named individual

Clipboard Data c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1115

has super-classes
Collection Technique c
is also defined as
named individual

Cloud Account c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087.004

has super-classes
Create Account c
is also defined as
named individual

Cloud Account c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1136.003

has super-classes
Create Account c

Cloud Accounts c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.004

has super-classes
Valid Accounts c
is also defined as
named individual

Cloud Configuration c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CloudConfiguration

has super-classes
Configuration Resource c
has sub-classes
Cloud Instance Metadata c
is also defined as
named individual

Cloud Groups c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1069.003

has super-classes
Permission Groups Discovery c

Cloud Infrastructure Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1580

has super-classes
Discovery Technique c

Cloud Instance Metadata c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CloudInstanceMetadata

has super-classes
Cloud Configuration c
is also defined as
named individual

Cloud Instance Metadata API c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.005

has super-classes
Unsecured Credentials c
is also defined as
named individual

Cloud Instance Metadata API c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1522

has super-classes
Credential Access Technique c

Cloud Service Authentication c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CloudServiceAuthentication

has super-classes
Web Authentication c
is also defined as
named individual

Cloud Service Authorization c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CloudServiceAuthorization

has super-classes
Authorization c
is also defined as
named individual

Cloud Service Dashboard c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1538

has super-classes
Discovery Technique c
is also defined as
named individual

Cloud Service Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1526

has super-classes
Discovery Technique c
is also defined as
named individual

Cloud Service Sensor c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CloudServiceSensor

has super-classes
Sensor c
is also defined as
named individual

Cloud Storage c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CloudStorage

has super-classes
Secondary Storage c
is also defined as
named individual

Cloud Storage Object Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1619

has super-classes
Discovery Technique c
is also defined as
named individual

Cloud User Account c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CloudUserAccount

has super-classes
User Account c
is also defined as
named individual

CMSTP c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1191

has super-classes
Defense Evasion Technique c, Execution Technique c

CMSTP c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.003

has super-classes
Signed Binary Proxy Execution c
is also defined as
named individual

Code Analyzer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CodeAnalyzer

has super-classes
Developer Application c
has sub-classes
Dynamic Analysis Tool c, Static Analysis Tool c

Code Repositories c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1213.003

has super-classes
Data from Information Repositories c
is also defined as
named individual

Code Repository c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CodeRepository

has super-classes
Database c
is also defined as
named individual

Code Signing c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1116

has super-classes
Defense Evasion Technique c

Code Signing c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.002

has super-classes
Subvert Trust Controls c
is also defined as
named individual

Code Signing Certificates c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1587.002

has super-classes
Develop Capabilities c

Code Signing Certificates c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1588.003

has super-classes
Obtain Capabilities c

Code Signing Policy Modification c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.006

has super-classes
Subvert Trust Controls c

Collaborative Software c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CollaborativeSoftware

Is defined by
http://dbpedia.org/resource/Collaborative_software
has super-classes
User Application c
has sub-classes
Business Communication Platform Client c, Chatroom Client c, Instant Messaging Client c

Collection c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Collection

has super-classes
Offensive Tactic c
is also defined as
named individual

Collection Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CollectionTechnique

has super-classes
Offensive Technique c
has sub-classes
Archive Collected Data c, Audio Capture c, Automated Collection c, Clipboard Data c, Data Staged c, Data from Cloud Storage Object c, Data from Configuration Repository c, Data from Information Repositories c, Data from Local System c, Data from Network Shared Drive c, Data from Removable Media c, Email Collection c, Input Capture c, Man in the Browser c, Man-in-the-Middle c, Screen Capture c, Video Capture c
is also defined as
named individual

Command c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Command

has super-classes
Digital Artifact c, Digital Event c
has sub-classes
Database Query c, Remote Command c
is also defined as
named individual

Command And Control c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommandAndControl

has super-classes
Offensive Tactic c
is also defined as
named individual

Command and Control Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommandAndControlTechnique

has super-classes
Offensive Technique c
has sub-classes
Application Layer Protocol c, Communication Through Removable Media c, Custom Command and Control Protocol c, Custom Cryptographic Protocol c, Data Encoding c, Data Obfuscation c, Domain Fronting c, Domain Generation Algorithms c, Dynamic Resolution c, Encrypted Channel c, Fallback Channels c, Ingress Tool Transfer c, Multi-Stage Channels c, Multi-hop Proxy c, Multilayer Encryption c, Non-Application Layer Protocol c, Non-Standard Port c, Protocol Tunneling c, Proxy c, Remote Access Software c, Standard Cryptographic Protocol c, Traffic Signaling c, Uncommonly Used Port c, Web Service c
is also defined as
named individual

Command and Scripting Interpreter Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059

has super-classes
Execution Technique c
has sub-classes
AppleScript Execution c, JavaScript/JScript c, Network Device CLI c, PowerShell Execution c, Python Execution c, Unix Shell Execution c, VBScript Execution c, Windows Command Shell Execution c
is also defined as
named individual

Command History Log c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommandHistoryLog

has super-classes
Event Log c
is also defined as
named individual

Command History Log File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommandHistoryLogFile

has super-classes
Log File c
is also defined as
named individual

Command Line Interface c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommandLineInterface

Is defined by
http://dbpedia.org/resource/Command-line_interface
has super-classes
User Interface c

Common Attack Pattern c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommonAttackPattern

has super-classes
CAPEC Thing c
has sub-classes
Exploitation of Transient Instruction Execution c
has members
Exploitation of Transient Instruction Execution ni

Communication Through Removable Media c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1092

has super-classes
Command and Control Technique c
is also defined as
named individual

Compile After Delivery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.004

has super-classes
Obfuscated Files or Information c
is also defined as
named individual

Compile After Delivery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1500

has super-classes
Defense Evasion Technique c

Compiled HTML File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.001

has super-classes
Signed Binary Proxy Execution c
is also defined as
named individual

Compiled HTML File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1223

has super-classes
Defense Evasion Technique c, Execution Technique c

Compiler c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Compiler

has super-classes
Build Tool c
is also defined as
named individual

Compiler Configuration File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CompilerConfigurationFile

has super-classes
Application Configuration File c
is also defined as
named individual

Component Firmware c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1109

has super-classes
Defense Evasion Technique c, Persistence Technique c

Component Firmware c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542.002

has super-classes
Pre-OS Boot c
is also defined as
named individual

Component Object Model Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1559.001

has super-classes
Inter-Process Communication Execution c

Component Object Model Hijacking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1122

has super-classes
Defense Evasion Technique c, Persistence Technique c

Component Object Model Hijacking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.015

has super-classes
Event Triggered Execution c
is also defined as
named individual

Composite Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CompositeTechnique

has super-classes
D3FEND Thing c

Compromise Accounts c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1586

has super-classes
Resource Development Technique c
has sub-classes
Email Accounts c, Social Media Accounts c

Compromise Client Software Binary c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1554

has super-classes
Persistence Technique c
is also defined as
named individual

Compromise Hardware Supply Chain c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1195.003

has super-classes
Supply Chain Compromise c
is also defined as
named individual

Compromise Infrastructure c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1584

has super-classes
Resource Development Technique c
has sub-classes
Botnet c, DNS Server c, Domains c, Server c, Virtual Private Server c, Web Services c

Compromise Software Dependencies and Development Tools c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1195.001

has super-classes
Supply Chain Compromise c
is also defined as
named individual

Compromise Software Supply Chain c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1195.002

has super-classes
Supply Chain Compromise c
is also defined as
named individual

Computing Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ComputingServer

Is defined by
https://www.encyclopedia.com/computing/dictionaries-thesauruses-pictures-and-press-releases/compute-server
has super-classes
Server c

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-362

has super-classes
Weakness c
is also defined as
named individual

Conference Paper c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConferencePaper

has super-classes
Academic Article c

Configuration Database c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConfigurationDatabase

has super-classes
Configuration Resource c
has sub-classes
Application Configuration Database c, Configuration Management Database c
is also defined as
named individual

Configuration Database Record c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConfigurationDatabaseRecord

has super-classes
Configuration Resource c, Record c
has sub-classes
Application Configuration Database Record c, System Configuration Database Record c
is also defined as
named individual

Configuration File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConfigurationFile

Is defined by
http://dbpedia.org/resource/Configuration_file
has super-classes
File c
has sub-classes
Application Configuration File c, Operating System Configuration File c, Property List File c, User Init Configuration File c

Configuration Inventory c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConfigurationInventory

has super-classes
Asset Inventory c
is also defined as
named individual

Configuration Management Database c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConfigurationManagementDatabase

Is defined by
https://web.archive.org/web/20111201040529/http://www.best-management-practice.com/gempdf/itil_glossary_v3_1_24.pdf
has super-classes
Configuration Database c

Configuration Resource c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConfigurationResource

has super-classes
Resource c
has sub-classes
Access Control Configuration c, Application Configuration c, Cloud Configuration c, Configuration Database c, Configuration Database Record c, Operating System Configuration c
is also defined as
named individual

Confluence c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1213.001

has super-classes
Data from Information Repositories c
is also defined as
named individual

Connect Socket c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConnectSocket

has super-classes
System Call c
is also defined as
named individual

Connected Honeynet c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConnectedHoneynet

has super-classes
Decoy Environment c
is also defined as
named individual

Connection Attempt Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConnectionAttemptAnalysis

has super-classes
Network Traffic Analysis c
is also defined as
named individual

Console Output Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConsoleOutputFunction

has super-classes
Subroutine c

Container Administration Command c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1609

has super-classes
Execution Technique c

Container and Resource Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1613

has super-classes
Discovery Technique c

Container API c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.007

has super-classes
Unsecured Credentials c

Container Build Tool c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ContainerBuildTool

has super-classes
Software Packaging Tool c

Container Image c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ContainerImage

has super-classes
File c
is also defined as
named individual

Container Orchestration Job c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053.007

has super-classes
Scheduled Task/Job Execution c

Container Orchestration Software c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ContainerOrchestrationSoftware

has super-classes
Service Application c
is also defined as
named individual

Container Process c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ContainerProcess

has super-classes
Application Process c

Container Runtime c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ContainerRuntime

has super-classes
Service Application c
is also defined as
named individual

contribution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Contribution

has super-classes
D3FEND Thing c

Control Catalog c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ControlCatalog

has super-classes
Catalog c
has sub-classes
Control Correlation Identifier Catalog c, NIST SP 800-53 Control Catalog c

Control Correlation Identifier Catalog c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ControlCorrelationIdentifierCatalog

has super-classes
Control Catalog c
has members
CCI Catalog v2022-04-05 ni

Control Panel Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.002

has super-classes
Signed Binary Proxy Execution c
is also defined as
named individual

Control Panel Items c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1196

has super-classes
Defense Evasion Technique c, Execution Technique c

Copy Memory Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CopyMemoryFunction

has super-classes
Subroutine c
is also defined as
named individual

Copy Token c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CopyToken

has super-classes
System Call c
has members
Copy Token ni
is also defined as
named individual

COR_PROFILER c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.012

has super-classes
Hijack Execution Flow c
is also defined as
named individual

Create Account c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1136

has super-classes
Persistence Technique c, Privilege Escalation Technique c
has sub-classes
Cloud Account c, Cloud Account c, Domain Account c, Domain Account c, Local Account c, Local Account c
is also defined as
named individual

Create Cloud Instance c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1578.002

has super-classes
Modify Cloud Compute Infrastructure c

Create File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CreateFile

has super-classes
System Call c
is also defined as
named individual

Create or Modify System Process c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543

has super-classes
Persistence Technique c, Privilege Escalation Technique c
has sub-classes
Launch Agent c, Launch Daemon c, Systemd Service c, Windows Service c

Create Process c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CreateProcess

has super-classes
System Call c
has members
Linux Exec ni
is also defined as
named individual

Create Process with Token c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.002

has super-classes
Access Token Manipulation c
is also defined as
named individual

Create Snapshot c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1578.001

has super-classes
Modify Cloud Compute Infrastructure c

Create Socket c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CreateSocket

has super-classes
System Call c
is also defined as
named individual

Create Thread c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CreateThread

has super-classes
System Call c
is also defined as
named individual

Credential c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Credential

has super-classes
Digital Artifact c
has sub-classes
Access Token c, Encrypted Credential c, Password c, Session Cookie c
is also defined as
named individual

Credential Access c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialAccess

has super-classes
Offensive Tactic c
is also defined as
named individual

Credential Access Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialAccessTechnique

has super-classes
Offensive Technique c
has sub-classes
Bash History c, Brute Force c, Cloud Instance Metadata API c, Credentials from Password Stores c, Credentials from Web Browsers c, Credentials in Files c, Credentials in Registry c, Exploitation for Credential Access c, Forced Authentication c, Forge Web Credentials c, Hooking c, Input Capture c, Input Prompt c, Kerberoasting c, Keychain c, LLMNR/NBT-NS Poisoning and Relay c, Man-in-the-Middle c, Modify Authentication Process c, Multi-Factor Authentication Request Generation c, Network Sniffing c, OS Credential Dumping c, Password Filter DLL c, Private Keys c, Securityd Memory c, Steal Application Access Token c, Steal Web Session Cookie c, Steal or Forge Kerberos Tickets c, Two-Factor Authentication Interception c, Unsecured Credentials c
is also defined as
named individual

Credential API Hooking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.004

has super-classes
Input Capture c
is also defined as
named individual

Credential Compromise Scope Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialCompromiseScopeAnalysis

has super-classes
User Behavior Analysis c
is also defined as
named individual

Credential Eviction c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialEviction

has super-classes
Defensive Technique c
has sub-classes
Account Locking c, Authentication Cache Invalidation c, Credential Revoking c
has members
Account Locking ni, Authentication Cache Invalidation ni, Credential Revoking ni
is also defined as
named individual

Credential Hardening c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialHardening

has super-classes
Defensive Technique c
has sub-classes
Biometric Authentication c, Certificate Pinning c, Certificate-based Authentication c, Credential Transmission Scoping c, Domain Trust Policy c, Multi-factor Authentication c, One-time Password c, Strong Password Policy c, User Account Permissions c
has members
Biometric Authentication ni, Certificate Pinning ni, Certificate-based Authentication ni, Credential Transmission Scoping ni, Domain Trust Policy ni, Multi-factor Authentication ni, One-time Password ni, Strong Password Policy ni, User Account Permissions ni
is also defined as
named individual

Credential Management System c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialManagementSystem

has super-classes
Service Application c
is also defined as
named individual

Credential Revoking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialRevoking

has super-classes
Credential Eviction c
is also defined as
named individual

Credential Stuffing c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.004

has super-classes
Brute Force c
is also defined as
named individual

Credential Transmission Scoping c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialTransmissionScoping

has super-classes
Credential Hardening c
is also defined as
named individual

Credentials c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1589.001

has super-classes
Gather Victim Identity Information c

Credentials from Password Stores c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555

has super-classes
Credential Access Technique c
has sub-classes
Credentials from Web Browsers c, Keychain c, Password Managers c, Securityd Memory c, Windows Credential Manager c
is also defined as
named individual

Credentials from Web Browsers c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1503

has super-classes
Credential Access Technique c

Credentials from Web Browsers c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.003

has super-classes
Credentials from Password Stores c
is also defined as
named individual

Credentials in Files c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1081

has super-classes
Credential Access Technique c

Credentials in Files c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.001

has super-classes
Unsecured Credentials c
is also defined as
named individual

Credentials in Registry c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1214

has super-classes
Credential Access Technique c

Credentials in Registry c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.002

has super-classes
Unsecured Credentials c
is also defined as
named individual

Cron Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053.003

has super-classes
Scheduled Task/Job Execution c

Cross-Site Request Forgery (CSRF) c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-352

has super-classes
Weakness c
is also defined as
named individual

Cryptographic Key c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CryptographicKey

Is defined by
http://dbpedia.org/resource/Public-key_cryptography
has super-classes
Digital Artifact c
has sub-classes
Asymmetric Key c, Symmetric Key c

Custom Archive File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CustomArchiveFile

has super-classes
Archive File c
is also defined as
named individual

Custom Command and Control Protocol c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1094

has super-classes
Command and Control Technique c

Custom Cryptographic Protocol c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1024

has super-classes
Command and Control Technique c

D3FEND Catalog Thing c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#D3FENDCatalogThing

has super-classes
D3FEND Thing c
has sub-classes
Agent c, Analysis of Alternatives c, Assessment c, Capability Feature c, Capability Implementation c, Information Content Entity c, Proposition c

D3FEND Use Case c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#D3FENDUseCase

has super-classes
D3FEND Use Case Thing c
is disjoint with
Target Audience c, Use Case Goal c, Use Case Prerequisite c, Use Case Procedure c, Use Case Step c

D3FEND Use Case Thing c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#D3FENDUseCaseThing

has super-classes
D3FEND Thing c
has sub-classes
D3FEND Use Case c, Target Audience c, Use Case Goal c, Use Case Prerequisite c, Use Case Procedure c, Use Case Step c

Data Artifact Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DataArtifactServer

has super-classes
Artifact Server c

Data Compressed c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1002

has super-classes
Exfiltration Technique c

Data Dependency c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DataDependency

has super-classes
Dependency c
is also defined as
named individual

Data Destruction c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1485

has super-classes
Impact Technique c

Data Encoding c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1132

has super-classes
Command and Control Technique c
has sub-classes
Non-Standard Encoding c, Standard Encoding c
is also defined as
named individual

Data Encrypted c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1022

has super-classes
Exfiltration Technique c

Data Encrypted for Impact c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1486

has super-classes
Impact Technique c

Data Exchange Mapping c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DataExchangeMapping

has super-classes
System Mapping c
is also defined as
named individual

Data from Cloud Storage Object c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1530

has super-classes
Collection Technique c

Data from Configuration Repository c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1602

has super-classes
Collection Technique c
has sub-classes
Network Device Configuration Dump c, SNMP (MIB Dump) c

Data from Information Repositories c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1213

has super-classes
Collection Technique c, Discovery Technique c
has sub-classes
Code Repositories c, Confluence c, Sharepoint c
is also defined as
named individual

Data from Local System c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1005

has super-classes
Collection Technique c
is also defined as
named individual

Data from Network Shared Drive c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1039

has super-classes
Collection Technique c
is also defined as
named individual

Data from Removable Media c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1025

has super-classes
Collection Technique c
is also defined as
named individual

Data Inventory c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DataInventory

has super-classes
Asset Inventory c
is also defined as
named individual

Data Manipulation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1565

has super-classes
Impact Technique c
has sub-classes
Runtime Data Manipulation c, Stored Data Manipulation c, Transmitted Data Manipulation c

Data Obfuscation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1001

has super-classes
Command and Control Technique c
has sub-classes
Junk Data c, Protocol Impersonation c, Steganography c
is also defined as
named individual

Data Staged c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1074

has super-classes
Collection Technique c
has sub-classes
Local Data Staging c, Remote Data Staging c
is also defined as
named individual

Data Transfer Size Limits c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1030

has super-classes
Exfiltration Technique c
is also defined as
named individual

Database c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Database

has super-classes
Digital Artifact c
has sub-classes
Code Repository c, Password Database c, System Configuration Database c
is also defined as
named individual

Database File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DatabaseFile

has super-classes
File c
is also defined as
named individual

Database Query c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DatabaseQuery

has super-classes
Command c
has sub-classes
Remote Database Query c
is also defined as
named individual

Database Query String Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DatabaseQueryStringAnalysis

has super-classes
Process Analysis c
is also defined as
named individual

Database Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DatabaseServer

has super-classes
Server c
is also defined as
named individual

DCSync c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.006

has super-classes
OS Credential Dumping c
is also defined as
named individual

Dead Code Elimination c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DeadCodeElimination

has super-classes
Application Hardening c
is also defined as
named individual

Dead Drop Resolver c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1102.001

has super-classes
Web Service c

Debugger Evasion c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1622

has super-classes
Defense Evasion Technique c, Discovery Technique c

Deceive c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Deceive

has super-classes
Defensive Tactic c
is also defined as
named individual

Decoy Artifact c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyArtifact

has super-classes
Digital Artifact c
is also defined as
named individual

Decoy Environment c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyEnvironment

has super-classes
Defensive Technique c
has sub-classes
Connected Honeynet c, Integrated Honeynet c, Standalone Honeynet c
has members
Connected Honeynet ni, Integrated Honeynet ni, Standalone Honeynet ni
is also defined as
named individual

Decoy File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyFile

has super-classes
Decoy Object c
is also defined as
named individual

Decoy Network Resource c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyNetworkResource

has super-classes
Decoy Object c
is also defined as
named individual

Decoy Object c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyObject

has super-classes
Defensive Technique c
has sub-classes
Decoy File c, Decoy Network Resource c, Decoy Persona c, Decoy Public Release c, Decoy Session Token c, Decoy User Credential c
has members
Decoy File ni, Decoy Network Resource ni, Decoy Persona ni, Decoy Public Release ni, Decoy Session Token ni, Decoy User Credential ni
is also defined as
named individual

Decoy Persona c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyPersona

has super-classes
Decoy Object c
is also defined as
named individual

Decoy Public Release c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyPublicRelease

has super-classes
Decoy Object c
is also defined as
named individual

Decoy Session Token c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoySessionToken

has super-classes
Decoy Object c
is also defined as
named individual

Decoy User Credential c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyUserCredential

has super-classes
Decoy Object c
is also defined as
named individual

Defacement c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1491

has super-classes
Impact Technique c
has sub-classes
External Defacement c, Internal Defacement c

Default Accounts c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.001

has super-classes
Valid Accounts c
is also defined as
named individual

Default User Account c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefaultUserAccount

has super-classes
User Account c
is also defined as
named individual

Defense Evasion c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefenseEvasion

has super-classes
Offensive Tactic c
is also defined as
named individual

Defense Evasion Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefenseEvasionTechnique

has super-classes
Offensive Technique c
has sub-classes
Abuse Elevation Control Mechanism c, Access Token Manipulation c, Application Access Token c, BITS Jobs c, Binary Padding c, Build Image on Host c, Bypass User Account Control c, CMSTP c, Clear Command History c, Code Signing c, Compile After Delivery c, Compiled HTML File c, Component Firmware c, Component Object Model Hijacking c, Control Panel Items c, DLL Search Order Hijacking c, DLL Side-Loading c, Debugger Evasion c, Deobfuscate/Decode Files or Information c, Deploy Container c, Direct Volume Access c, Disabling Security Tools c, Execution Guardrails c, Exploitation for Defense Evasion c, Extra Window Memory Injection c, File Deletion c, File and Directory Permissions Modification c, Gatekeeper Bypass c, Group Policy Modification c, HISTCONTROL c, Hidden Files and Directories c, Hidden Users c, Hidden Window c, Hide Artifacts c, Hijack Execution Flow c, Image File Execution Options Injection c, Impair Defenses c, Indicator Blocking c, Indicator Removal from Tools c, Indicator Removal on Host c, Indirect Command Execution c, Install Root Certificate c, InstallUtil c, Launchctl c, Masquerading c, Modify Authentication Process c, Modify Cloud Compute Infrastructure c, Modify Registry c, Modify System Image c, Mshta c, NTFS File Attributes c, Network Boundary Bridging c, Network Share Connection Removal c, Obfuscated Files or Information c, Parent PID Spoofing c, Plist File Modification c, Plist Modification c, Pre-OS Boot c, Process Doppelgänging c, Process Hollowing c, Process Injection c, Reflective Code Loading c, Regsvcs/Regasm c, Regsvr32 c, Revert Cloud Instance c, Rogue Domain Controller c, Rootkit c, Rundll32 c, SIP and Trust Provider Hijacking c, Signed Binary Proxy Execution c, Signed Script Proxy Execution c, Software Packing c, Space after Filename c, Subvert Trust Controls c, Template Injection c, Timestomp c, Traffic Signaling c, Trusted Developer Utilities Proxy Execution c, Unused/Unsupported Cloud Regions c, Use Alternate Authentication Material c, Valid Accounts c, Virtualization/Sandbox Evasion c, Weaken Encryption c, Web Session Cookie c, XSL Script Processing c
is also defined as
named individual

Defensive Tactic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefensiveTactic

Is defined by
http://wordnet-rdf.princeton.edu/id/05913746-n
has super-classes
D3FEND Thing c
has sub-classes
Deceive c, Detect c, Evict c, Harden c, Isolate c, Model c
has members
Deceive ni, Detect ni, Evict ni, Harden ni, Isolate ni, Model ni

Defensive Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefensiveTechnique

has super-classes
Capability Feature c, D3FEND Thing c, Technique c
has sub-classes
Application Hardening c, Asset Inventory c, Credential Eviction c, Credential Hardening c, Decoy Environment c, Decoy Object c, Execution Isolation c, File Analysis c, File Eviction c, Identifier Analysis c, Message Analysis c, Message Hardening c, Network Isolation c, Network Mapping c, Network Traffic Analysis c, Operational Activity Mapping c, Platform Hardening c, Platform Monitoring c, Process Analysis c, Process Eviction c, System Mapping c, User Behavior Analysis c
is in domain of
d3fend-tactical-verb-property op, may-be-tactically-associated-with op
has members
Application Hardening ni, Asset Inventory ni, Credential Eviction ni, Credential Hardening ni, Decoy Environment ni, Decoy Object ni, Execution Isolation ni, File Analysis ni, File Eviction ni, Identifier Analysis ni, Message Analysis ni, Message Hardening ni, Network Isolation ni, Network Mapping ni, Network Traffic Analysis ni, Operational Activity Mapping ni, Platform Hardening ni, Platform Monitoring ni, Process Analysis ni, Process Eviction ni, System Mapping ni, User Behavior Analysis ni
is also defined as
named individual

Defensive Technique Assessment c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefensiveTechniqueAssessment

has super-classes
Feature Assessment c
is in range of
assesses op

Defensive Technique Claim c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefensiveTechniqueClaim

has super-classes
Capability Feature Claim c
is in domain of
assesses op

Delete Cloud Instance c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1578.003

has super-classes
Modify Cloud Compute Infrastructure c

Deobfuscate/Decode Files or Information c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1140

has super-classes
Defense Evasion Technique c
is also defined as
named individual

Dependency c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Dependency

has super-classes
Digital Artifact c
has sub-classes
Activity Dependency c, Data Dependency c, Service Dependency c, System Dependency c
is also defined as
named individual

Deploy Container c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1610

has super-classes
Defense Evasion Technique c, Execution Technique c

Deserialization Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DeserializationFunction

has super-classes
Subroutine c
is also defined as
named individual

Deserialization of Untrusted Data c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-502

has super-classes
Weakness c
is also defined as
named individual

Desktop Computer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DesktopComputer

Is defined by
http://dbpedia.org/resource/Desktop_computer
has super-classes
Personal Computer c

Detect c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Detect

has super-classes
Defensive Tactic c
is also defined as
named individual

Determine Physical Locations c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1591.001

has super-classes
Gather Victim Org Information c

Develop Capabilities c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1587

has super-classes
Resource Development Technique c
has sub-classes
Code Signing Certificates c, Digital Certificates c, Exploits c, Malware c

Developer Application c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DeveloperApplication

has super-classes
User Application c
has sub-classes
Build Tool c, Code Analyzer c, Network Traffic Analysis Software c, Test Execution Tool c, Version Control Tool c

Device Registration c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.005

has super-classes
Account Manipulation c

DHCP Spoofing c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1557.003

has super-classes
Man-in-the-Middle c

Dial Up Modem c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DialUpModem

Is defined by
http://dbpedia.org/resource/Modem#Dial-up
has super-classes
Modem c

Digital Artifact c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DigitalArtifact

has super-classes
Artifact c, Digital Object c
has sub-classes
Address Space c, Binary Large Object c, Binary Segment c, Blob c, Block Device c, Boot Loader c, Call Stack c, Certificate c, Clipboard c, Command c, Credential c, Cryptographic Key c, DNS Lookup c, Database c, Decoy Artifact c, Dependency c, Digital System c, Directory c, Display Server c, Domain Registration c, Enclave c, File Section c, File System c, File System Link c, Hardware Device c, Hardware Driver c, Identifier c, Interprocess Communication c, Intrusion Detection System c, Kernel Process Table c, Link c, Log c, Memory Address c, Memory Extent c, Metadata c, Network c, Network Flow c, Network Node c, Network Traffic c, Operating System c, Page Table c, Partition c, Partition Table c, Physical Location c, Platform c, Pointer c, Process c, Process Image c, Process Tree c, Record c, Resource c, Sensor c, Session c, Shadow Stack c, Software c, Software Package c, Stack Component c, Storage c, System Call c, Task Schedule c, Thread c, Trust Store c, User c, User Account c, User Action c, User Behavior c, User Interface c, User to User Message c, Volume c
is in domain of
d3fend-artifact-data-property dp
is in range of
hides op
has members
Network Traffic Analysis Software ni
is also defined as
named individual

Digital Certificates c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1587.003

has super-classes
Develop Capabilities c

Digital Certificates c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1588.004

has super-classes
Obtain Capabilities c

Digital Certificates c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1596.003

has super-classes
Search Open Technical Databases c

Digital Event c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DigitalEvent

has super-classes
D3FEND Thing c
has sub-classes
Command c, DNS Lookup c, Resource Access c, System Call c, User Action c

Digital Object c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DigitalObject

has super-classes
D3FEND Thing c
has sub-classes
Digital Artifact c

Digital System c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DigitalSystem

has super-classes
Digital Artifact c, System c
has sub-classes
Legacy System c
is also defined as
named individual

Direct Network Flood c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1498.001

has super-classes
Network Denial of Service c
is also defined as
named individual

Direct Volume Access c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1006

has super-classes
Defense Evasion Technique c
is also defined as
named individual

Directory c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Directory

has super-classes
Digital Artifact c
has sub-classes
Startup Directory c, System Startup Directory c
is also defined as
named individual

Directory Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DirectoryService

has super-classes
Network Service c
is also defined as
named individual

Disable Cloud Logs c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.008

has super-classes
Impair Defenses c

Disable Crypto Hardware c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1600.002

has super-classes
Weaken Encryption c

Disable or Modify Cloud Firewall c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.007

has super-classes
Impair Defenses c

Disable or Modify System Firewall c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.004

has super-classes
Impair Defenses c
is also defined as
named individual

Disable or Modify Tools c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.001

has super-classes
Impair Defenses c
is also defined as
named individual

Disable Windows Event Logging c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.002

has super-classes
Impair Defenses c
is also defined as
named individual

Disabling Security Tools c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1089

has super-classes
Defense Evasion Technique c

Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Discovery

has super-classes
Offensive Tactic c
is also defined as
named individual

Discovery Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DiscoveryTechnique

has super-classes
Offensive Technique c
has sub-classes
Account Discovery c, Application Window Discovery c, Browser Bookmark Discovery c, Cloud Infrastructure Discovery c, Cloud Service Dashboard c, Cloud Service Discovery c, Cloud Storage Object Discovery c, Container and Resource Discovery c, Data from Information Repositories c, Debugger Evasion c, Domain Trust Discovery c, File and Directory Discovery c, Group Policy Discovery c, Network Service Scanning c, Network Share Discovery c, Network Sniffing c, Password Policy Discovery c, Peripheral Device Discovery c, Permission Groups Discovery c, Process Discovery c, Query Registry c, Remote System Discovery c, Security Software Discovery c, Software Discovery c, System Information Discovery c, System Location Discovery c, System Network Configuration Discovery c, System Network Connections Discovery c, System Owner/User Discovery c, System Service Discovery c, System Time Discovery c
is also defined as
named individual

Disk Content Wipe c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1488

has super-classes
Impact Technique c

Disk Content Wipe c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1561.001

has super-classes
Disk Wipe c
is also defined as
named individual

Disk Encryption c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DiskEncryption

has super-classes
Platform Hardening c
is also defined as
named individual

Disk Structure Wipe c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1487

has super-classes
Impact Technique c

Disk Structure Wipe c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1561.002

has super-classes
Disk Wipe c
is also defined as
named individual

Disk Wipe c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1561

has super-classes
Impact Technique c
has sub-classes
Disk Content Wipe c, Disk Structure Wipe c

Display Adapter c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DisplayAdapter

has super-classes
Output Device c
is also defined as
named individual

Display Device Driver c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DisplayDeviceDriver

has super-classes
Hardware Driver c
is also defined as
named individual

Display Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DisplayServer

has super-classes
Digital Artifact c
is also defined as
named individual

Distributed Component Object Model c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.003

has super-classes
Remote Services c

DLL Search Order Hijacking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1038

has super-classes
Defense Evasion Technique c, Persistence Technique c, Privilege Escalation Technique c

DLL Search Order Hijacking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.001

has super-classes
Hijack Execution Flow c
is also defined as
named individual

DLL Side-Loading c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1073

has super-classes
Defense Evasion Technique c

DLL Side-Loading c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.002

has super-classes
Hijack Execution Flow c
is also defined as
named individual

DNS c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.004

has super-classes
Application Layer Protocol c
is also defined as
named individual

DNS c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1590.002

has super-classes
Gather Victim Network Information c

DNS Allowlisting c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSAllowlisting

has super-classes
Network Isolation c
is also defined as
named individual

DNS Calculation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1568.003

has super-classes
Dynamic Resolution c

DNS Denylisting c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSDenylisting

has super-classes
Network Isolation c
has sub-classes
Forward Resolution Domain Denylisting c, Forward Resolution IP Denylisting c, Reverse Resolution Domain Denylisting c, Reverse Resolution IP Denylisting c
has members
Forward Resolution Domain Denylisting ni, Forward Resolution IP Denylisting ni, Reverse Resolution Domain Denylisting ni, Reverse Resolution IP Denylisting ni
is also defined as
named individual

DNS Lookup c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSLookup

has super-classes
Digital Artifact c, Digital Event c
has sub-classes
Internet DNS Lookup c, Intranet DNS Lookup c
is also defined as
named individual

DNS Network Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSNetworkTraffic

has super-classes
Network Traffic c
has sub-classes
Outbound Internet DNS Lookup Traffic c
is also defined as
named individual

DNS Record c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSRecord

has super-classes
Record c

DNS Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSServer

Is defined by
http://dbpedia.org/resource/Name_server
has super-classes
Server c

DNS Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1583.002

has super-classes
Acquire Infrastructure c

DNS Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1584.002

has super-classes
Compromise Infrastructure c

DNS Traffic Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSTrafficAnalysis

has super-classes
Network Traffic Analysis c
is also defined as
named individual

DNS/Passive DNS c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1596.001

has super-classes
Search Open Technical Databases c

Document c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Document

has super-classes
Information Content Entity c
has sub-classes
Article c, Patent c, Policy c, Specification c, User Manual c

Document File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DocumentFile

has super-classes
File c
has sub-classes
Email c, Email Attachment c, HTML File c, Multimedia Document File c, Office Application File c
has members
Adobe PDF File 1.3 ni, Microsoft Word DOC File ni, Microsoft Word DOCB File ni, Microsoft Word DOCM File ni, Microsoft Word DOCX File ni, Microsoft Word DOT File ni, Microsoft Word DOTM File ni, Microsoft Word DOTX File ni, Microsoft Word WBK File ni
is also defined as
named individual

Domain Account c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087.002

has super-classes
Create Account c
is also defined as
named individual

Domain Account c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1136.002

has super-classes
Create Account c

Domain Account Monitoring c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainAccountMonitoring

has super-classes
User Behavior Analysis c
is also defined as
named individual

Domain Accounts c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.002

has super-classes
Valid Accounts c
is also defined as
named individual

Domain Controller Authentication c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.001

has super-classes
Modify Authentication Process c

Domain Fronting c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.004

has super-classes
Proxy c
is also defined as
named individual

Domain Fronting c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1172

has super-classes
Command and Control Technique c

Domain Generation Algorithms c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1483

has super-classes
Command and Control Technique c

Domain Generation Algorithms c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1568.002

has super-classes
Dynamic Resolution c

Domain Groups c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1069.002

has super-classes
Permission Groups Discovery c

Domain Name c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainName

has super-classes
Identifier c
has members
ASCII Domain Name ni, FQDN Domain Name ni, Hostname ni, Internationalized Domain Name ni
is also defined as
named individual

Domain Name Reputation Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainNameReputationAnalysis

has super-classes
Identifier Reputation Analysis c
is also defined as
named individual

Domain Properties c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1590.001

has super-classes
Gather Victim Network Information c

Domain Registration c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainRegistration

has super-classes
Digital Artifact c
has members
WHOIS Compatible Domain Registration ni
is also defined as
named individual

Domain Trust Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1482

has super-classes
Discovery Technique c

Domain Trust Modification c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1484.002

has super-classes
Group Policy Modification c

Domain Trust Policy c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainTrustPolicy

has super-classes
Credential Hardening c
is also defined as
named individual

Domain User Account c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainUserAccount

has super-classes
User Account c
has sub-classes
Global User Account c
is also defined as
named individual

Domains c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1583.001

has super-classes
Acquire Infrastructure c

Domains c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1584.001

has super-classes
Compromise Infrastructure c

Double File Extension c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.007

has super-classes
Masquerading c
is also defined as
named individual

Downgrade Attack c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.010

has super-classes
Impair Defenses c
is also defined as
named individual

Downgrade System Image c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1601.002

has super-classes
Modify System Image c

Drive-by Compromise c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1189

has super-classes
Initial Access Technique c
is also defined as
named individual

Drive-by Target c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1608.004

has super-classes
Stage Capabilities c

Driver Load Integrity Checking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DriverLoadIntegrityChecking

has super-classes
Platform Hardening c
is also defined as
named individual

Dylib Hijacking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1157

has super-classes
Persistence Technique c, Privilege Escalation Technique c

Dylib Hijacking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.004

has super-classes
Hijack Execution Flow c
is also defined as
named individual

Dynamic Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DynamicAnalysis

has super-classes
File Analysis c
is also defined as
named individual

Dynamic Analysis Tool c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DynamicAnalysisTool

Is defined by
http://dbpedia.org/resource/Dynamic_program_analysis
has super-classes
Code Analyzer c

Dynamic Data Exchange c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1173

has super-classes
Execution Technique c

Dynamic Data Exchange Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1559.002

has super-classes
Inter-Process Communication Execution c

Dynamic Resolution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1568

has super-classes
Command and Control Technique c
has sub-classes
DNS Calculation c, Domain Generation Algorithms c, Fast Flux DNS c
is also defined as
named individual

Dynamic-link Library Injection c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.001

has super-classes
Process Injection c
is also defined as
named individual

Elevated Execution with Prompt c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1514

has super-classes
Privilege Escalation Technique c

Elevated Execution with Prompt c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.004

has super-classes
Abuse Elevation Control Mechanism c
is also defined as
named individual

Email c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Email

has super-classes
Document File c
has members
MSG Email File ni
is also defined as
named individual

Email Account c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087.003

has super-classes
Account Discovery c

Email Accounts c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1585.002

has super-classes
Establish Accounts c

Email Accounts c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1586.002

has super-classes
Compromise Accounts c

Email Addresses c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1589.002

has super-classes
Gather Victim Identity Information c

Email Attachment c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmailAttachment

has super-classes
Document File c
is also defined as
named individual

Email Collection c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114

has super-classes
Collection Technique c
has sub-classes
Email Forwarding Rule c, Local Email Collection c, Remote Email Collection c
is also defined as
named individual

Email Forwarding Rule c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114.003

has super-classes
Email Collection c
is also defined as
named individual

Email Hiding Rules c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.008

has super-classes
Hide Artifacts c
is also defined as
named individual

Email Removal c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmailRemoval

has super-classes
File Removal c
is also defined as
named individual

Email Rule c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmailRule

has super-classes
Application Rule c
is also defined as
named individual

Embedded Computer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmbeddedComputer

Is defined by
http://dbpedia.org/resource/Embedded_system
has super-classes
Client Computer c

Emond c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1519

has super-classes
Persistence Technique c, Privilege Escalation Technique c

Emond c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.014

has super-classes
Event Triggered Execution c
is also defined as
named individual

Employee Names c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1589.003

has super-classes
Gather Victim Identity Information c

Emulated File Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmulatedFileAnalysis

has super-classes
File Analysis c
is also defined as
named individual

Enclave c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Enclave

has super-classes
Digital Artifact c
is also defined as
named individual

Encrypted Channel c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1573

has super-classes
Command and Control Technique c
has sub-classes
Asymmetric Cryptography c, Symmetric Cryptography c
is also defined as
named individual

Encrypted Credential c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EncryptedCredential

has super-classes
Credential c
has sub-classes
Encrypted Password c
is also defined as
named individual

Encrypted Password c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EncryptedPassword

has super-classes
Encrypted Credential c, Password c

Encrypted Tunnels c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EncryptedTunnels

has super-classes
Network Isolation c
is also defined as
named individual

Endpoint Denial of Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1499

has super-classes
Impact Technique c
has sub-classes
Application Exhaustion Flood c, Application or System Exploitation c, OS Exhaustion Flood c

Endpoint Health Beacon c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EndpointHealthBeacon

has super-classes
Operating System Monitoring c
is also defined as
named individual

Endpoint Sensor c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EndpointSensor

has super-classes
Sensor c
has sub-classes
Application Inventory Sensor c, File System Sensor c, Firmware Sensor c, Host Configuration Sensor c, Kernel API Sensor c
is also defined as
named individual

Environmental Keying c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1480.001

has super-classes
Execution Guardrails c

Escape to Host c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1611

has super-classes
Privilege Escalation Technique c

Establish Accounts c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1585

has super-classes
Resource Development Technique c
has sub-classes
Email Accounts c, Social Media Accounts c

Eval Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EvalFunction

has super-classes
Subroutine c
is also defined as
named individual

Event Log c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EventLog

has super-classes
Log c
has sub-classes
Command History Log c
is also defined as
named individual

Event Triggered Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546

has super-classes
Persistence Technique c, Privilege Escalation Technique c
has sub-classes
.bash_profile and .bashrc c, Accessibility Features c, AppCert DLLs c, AppInit DLLs c, Application Shimming c, Change Default File Association c, Component Object Model Hijacking c, Emond c, Image File Execution Options Injection c, LC_LOAD_DYLIB Addition c, Netsh Helper DLL c, PowerShell Profile c, Screensaver c, Trap c, Windows Management Instrumentation Event Subscription c

Evict c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Evict

has super-classes
Defensive Tactic c
is also defined as
named individual

Eviction Latency c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EvictionLatency

has super-classes
Latency c
has members
non-real-time-eviction ni, real-time-eviction ni

Exception Handler c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExceptionHandler

has super-classes
Subroutine c

Exception Handler Pointer Validation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExceptionHandlerPointerValidation

has super-classes
Application Hardening c
is also defined as
named individual

Exchange Email Delegate Permissions c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.002

has super-classes
Account Manipulation c
is also defined as
named individual

Executable Allowlisting c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableAllowlisting

has super-classes
Execution Isolation c
is also defined as
named individual

Executable Binary c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableBinary

has super-classes
Executable File c
has members
Linux ELF File 32bit ni, Linux ELF File 64bit ni, PE32 Executable File ni, PE32+ Executable File ni
is also defined as
named individual

Executable Denylisting c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableDenylisting

has super-classes
Execution Isolation c
is also defined as
named individual

Executable File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableFile

has super-classes
File c
has sub-classes
Executable Binary c, Executable Script c
is also defined as
named individual

Executable Installer File Permissions Weakness c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.005

has super-classes
Hijack Execution Flow c
is also defined as
named individual

Executable Script c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableScript

has super-classes
Executable File c
has sub-classes
Init Script c, Python Script File c, System Init Script c, User Init Script c, User Startup Script File c, Web Script File c
has members
Bash Script File ni, Javascript File ni, Lua Script File ni, Powershell Script File ni, Ruby Script File ni, Windows Batch File ni
is also defined as
named individual

Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Execution

has super-classes
Offensive Tactic c
is also defined as
named individual

Execution Guardrails c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1480

has super-classes
Defense Evasion Technique c
has sub-classes
Environmental Keying c

Execution Isolation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutionIsolation

has super-classes
Defensive Technique c
has sub-classes
Executable Allowlisting c, Executable Denylisting c, Hardware-based Process Isolation c, IO Port Restriction c, Kernel-based Process Isolation c
has members
Executable Denylisting ni, Hardware-based Process Isolation ni, IO Port Restriction ni, Kernel-based Process Isolation ni
is also defined as
named individual

Execution Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutionTechnique

has super-classes
Offensive Technique c
has sub-classes
AppleScript c, CMSTP c, Command and Scripting Interpreter Execution c, Compiled HTML File c, Container Administration Command c, Control Panel Items c, Deploy Container c, Dynamic Data Exchange c, Exploitation for Client Execution c, InstallUtil c, Inter-Process Communication Execution c, LSASS Driver c, Launchctl c, Local Job Scheduling c, Mshta c, Native API Execution c, PowerShell c, Regsvcs/Regasm c, Regsvr32 c, Rundll32 c, Scheduled Task/Job Execution c, Service Execution c, Shared Modules Execution c, Signed Binary Proxy Execution c, Signed Script Proxy Execution c, Software Deployment Tools Execution c, Space after Filename c, System Services c, Trap c, User Execution c, Windows Management Instrumentation Execution c, Windows Remote Management c
is also defined as
named individual

Exfiltration c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Exfiltration

has super-classes
Offensive Tactic c
is also defined as
named individual

Exfiltration Over Alternative Protocol c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048

has super-classes
Exfiltration Technique c
has sub-classes
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol c, Exfiltration Over Symmetric Encrypted Non-C2 Protocol c, Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol c
is also defined as
named individual

Exfiltration Over Asymmetric Encrypted Non-C2 Protocol c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048.002

has super-classes
Exfiltration Over Alternative Protocol c
is also defined as
named individual

Exfiltration Over Bluetooth c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1011.001

has super-classes
Exfiltration Over Other Network Medium c

Exfiltration Over C2 Channel c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1041

has super-classes
Exfiltration Technique c
is also defined as
named individual

Exfiltration Over Other Network Medium c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1011

has super-classes
Exfiltration Technique c
has sub-classes
Exfiltration Over Bluetooth c
is also defined as
named individual

Exfiltration Over Physical Medium c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1052

has super-classes
Exfiltration Technique c
has sub-classes
Exfiltration over USB c

Exfiltration Over Symmetric Encrypted Non-C2 Protocol c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048.001

has super-classes
Exfiltration Over Alternative Protocol c
is also defined as
named individual

Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048.003

has super-classes
Exfiltration Over Alternative Protocol c
is also defined as
named individual

Exfiltration over USB c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1052.001

has super-classes
Exfiltration Over Physical Medium c
is also defined as
named individual

Exfiltration Over Web Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1567

has super-classes
Exfiltration Technique c
has sub-classes
Exfiltration to Cloud Storage c, Exfiltration to Code Repository c
is also defined as
named individual

Exfiltration Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExfiltrationTechnique

has super-classes
Offensive Technique c
has sub-classes
Automated Exfiltration c, Data Compressed c, Data Encrypted c, Data Transfer Size Limits c, Exfiltration Over Alternative Protocol c, Exfiltration Over C2 Channel c, Exfiltration Over Other Network Medium c, Exfiltration Over Physical Medium c, Exfiltration Over Web Service c, Scheduled Transfer c, Transfer Data to Cloud Account c
is also defined as
named individual

Exfiltration to Cloud Storage c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1567.002

has super-classes
Exfiltration Over Web Service c
is also defined as
named individual

Exfiltration to Code Repository c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1567.001

has super-classes
Exfiltration Over Web Service c
is also defined as
named individual

Exploit Public-Facing Application c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1190

has super-classes
Initial Access Technique c
is also defined as
named individual

Exploitation for Client Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1203

has super-classes
Execution Technique c
is also defined as
named individual

Exploitation for Credential Access c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1212

has super-classes
Credential Access Technique c
is also defined as
named individual

Exploitation for Defense Evasion c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1211

has super-classes
Defense Evasion Technique c
is also defined as
named individual

Exploitation for Privilege Escalation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1068

has super-classes
Privilege Escalation Technique c
is also defined as
named individual

Exploitation of Remote Services c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1210

has super-classes
Lateral Movement Technique c
is also defined as
named individual

Exploitation of Transient Instruction Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CAPEC-663

has super-classes
Common Attack Pattern c
is also defined as
named individual

Exploits c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1587.004

has super-classes
Develop Capabilities c

Exploits c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1588.005

has super-classes
Obtain Capabilities c

External Content Inclusion Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExternalContentInclusionFunction

has super-classes
Subroutine c
is also defined as
named individual

External Control c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExternalControl

has super-classes
D3FEND Thing c
has sub-classes
CCI Control c, NIST Control c

External Defacement c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1491.002

has super-classes
Defacement c
is also defined as
named individual

External Knowledge Base c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExternalKnowledgeBase

has super-classes
Information Content Entity c, Technique Reference c
has members
Reference - CAR-2013-01-002: Autorun Differences - MITRE ni, Reference - CAR-2013-01-003: SMB Events Monitoring - MITRE ni, Reference - CAR-2013-02-003: Processes Spawning cmd.exe - MITRE ni, Reference - CAR-2013-02-008: Simultaneous Logins on a Host - MITRE ni, Reference - CAR-2013-02-012: User Logged in to Multiple Hosts - MITRE ni, Reference - CAR-2013-03-001: Reg.exe called from Command Shell - MITRE ni, Reference - CAR-2013-04-002: Quick execution of a series of suspicious commands - MITRE ni, Reference - CAR-2013-05-002: Suspicious Run Locations - MITRE ni, Reference - CAR-2013-05-003: SMB Write Request - MITRE ni, Reference - CAR-2013-05-004: Execution with AT - MITRE ni, Reference - CAR-2013-05-005: SMB Copy and Execution - MITRE ni, Reference - CAR-2013-07-001: Suspicious Arguments - MITRE ni, Reference - CAR-2013-07-002: RDP Connection Detection - MITRE ni, Reference - CAR-2013-07-005: Command Line Usage of Archiving Software - MITRE ni, Reference - CAR-2013-08-001: Execution with schtasks - MITRE ni, Reference - CAR-2013-09-003: SMB Session Setups - MITRE ni, Reference - CAR-2013-09-005: Service Outlier Executables - MITRE ni, Reference - CAR-2013-10-001: User Login Activity Monitoring - MITRE ni, Reference - CAR-2013-10-002: DLL Injection via Load Library - MITRE ni, Reference - CAR-2014-02-001: Service Binary Modifications - MITRE ni, Reference - CAR-2014-03-001: SMB Write Request - NamedPipes - MITRE ni, Reference - CAR-2014-03-005: Remotely Launched Executables via Services - MITRE ni, Reference - CAR-2014-03-006: RunDLL32.exe monitoring - MITRE ni, Reference - CAR-2014-04-003: Powershell Execution - MITRE ni, Reference - CAR-2014-05-001: RPC Activity - MITRE ni, Reference - CAR-2014-05-002: Services launching Cmd - MITRE ni, Reference - CAR-2014-07-001: Service Search Path Interception - MITRE ni, Reference - CAR-2014-11-002: Outlier Parents of Cmd - MITRE ni, Reference - CAR-2014-11-003: Debuggers for Accessibility Applications - MITRE ni, 
Reference - CAR-2014-11-005: Remote Registry - MITRE ni, Reference - CAR-2014-11-006: Windows Remote Management (WinRM) - MITRE ni, Reference - CAR-2014-11-007: Remote Windows Management Instrumentation (WMI) over RPC - MITRE ni, Reference - CAR-2014-11-008: Command Launched from WinLogon - MITRE ni, Reference - CAR-2014-12-001: Remotely Launched Executables via WMI - MITRE ni, Reference - CAR-2015-04-001: Remotely Scheduled Tasks via AT - MITRE ni, Reference - CAR-2015-04-002: Remotely Scheduled Tasks via Schtasks - MITRE ni, Reference - CAR-2015-07-001: All Logins Since Last Boot - MITRE ni, Reference - CAR-2016-03-001: Host Discovery Commands - MITRE ni, Reference - CAR-2016-03-002: Create Remote Process via WMIC - MITRE ni, Reference - CAR-2016-04-002: User Activity from Clearing Event Logs - MITRE ni, Reference - CAR-2016-04-003: User Activity from Stopping Windows Defensive Services - MITRE ni, Reference - CAR-2016-04-004: Successful Local Account Login ni, Reference - CAR-2016-04-005: Remote Desktop Logon - MITRE ni, Reference - CAR-2019-04-001: UAC Bypass - MITRE ni, Reference - CAR-2019-04-002: Generic Regsvr32 - MITRE ni, Reference - CAR-2019-04-003: Squiblydoo - MITRE ni, Reference - CAR-2019-04-004: Credential Dumping via Mimikatz - MITRE ni, Reference - CAR-2019-07-001: Access Permission Modification - MITRE ni, Reference - CAR-2019-07-002: Lsass Process Dump via Procdump - MITRE ni, Reference - CAR-2019-08-001: Credential Dumping via Windows Task Manager - MITRE ni, Reference - CAR-2019-08-002: Active Directory Dumping via NTDSUtil - MITRE ni, Reference - CAR-2020-04-001: Shadow Copy Deletion - MITRE ni, Reference - CAR-2020-05-001: MiniDump of LSASS - MITRE ni, Reference - CAR-2020-05-003: Rare LolBAS Command Lines - MITRE ni, Reference - CAR-2020-08-001: NTFS Alternate Data Stream Execution - System Utilities - MITRE ni, Reference - CAR-2020-09-001: Scheduled Task - FileAccess - MITRE ni, Reference - CAR-2020-09-002: Component Object Model Hijacking - MITRE ni, 
Reference - CAR-2020-09-003: Indicator Blocking - Driver Unloaded - MITRE ni, Reference - CAR-2020-09-004: Credentials in Files & Registry - MITRE ni, Reference - CAR-2020-09-005: AppInit DLLs - MITRE ni, Reference - CAR-2020-11-001: Boot or Logon Initialization Scripts - MITRE ni, Reference - CAR-2020-11-002: Local Network Sniffing - MITRE ni, Reference - CAR-2020-11-003: DLL Injection with Mavinject - MITRE ni, Reference - CAR-2020-11-004: Processes Started From Irregular Parent - MITRE ni, Reference - CAR-2020-11-005: Clear Powershell Console Command History - MITRE ni, Reference - CAR-2020-11-006: Local Permission Group Discovery - MITRE ni, Reference - CAR-2020-11-007: Network Share Connection Removal - MITRE ni, Reference - CAR-2020-11-008: MSBuild and msxsl - MITRE ni, Reference - CAR-2020-11-009: Compiled HTML Access - MITRE ni, Reference - CAR-2020-11-010: CMSTP - MITRE ni, Reference - CAR-2020-11-011: Registry Edit from Screensaver ni, Reference - CAR-2021-01-002: Unusually Long Command Line Strings - MITRE ni, Reference - CAR-2021-01-003: Clearing Windows Logs with Wevtutil - MITRE ni, Reference - CAR-2021-01-004: Unusual Child Process for Spoolsv.Exe or Connhost.Exe - MITRE ni, Reference - CAR-2021-01-006: Unusual Child Process spawned using DDE exploit - MITRE ni, Reference - CAR-2021-01-007: Detecting Tampering of Windows Defender Command Prompt - MITRE ni, Reference - CAR-2021-01-008: Disable UAC - MITRE ni, Reference - CAR-2021-01-009: Detecting Shadow Copy Deletion via Vssadmin.exe - MITRE ni, Reference - CAR-2021-02-001: Webshell-Indicative Process Tree - MITRE ni, Reference - CAR-2021-02-002: Get System Elevation - MITRE ni, Reference - CAR-2021-04-001: Common Windows Process Masquerading - MITRE ni, Reference - CAR-2021-05-001: Attempt To Add Certificate To Untrusted Store - MITRE ni, Reference - CAR-2021-05-002: Batch File Write to System32 - MITRE ni, Reference - CAR-2021-05-003: BCDEdit Failure Recovery Modification - MITRE ni, 
Reference - CAR-2021-05-004: BITS Job Persistence - MITRE ni, Reference - CAR-2021-05-005: BITSAdmin Download File - MITRE ni, Reference - CAR-2021-05-006: CertUtil Download With URLCache and Split Arguments - MITRE ni, Reference - CAR-2021-05-007: CertUtil Download With VerifyCtl and Split Arguments - MITRE ni, Reference - CAR-2021-05-008: Certutil exe certificate extraction - MITRE ni, Reference - CAR-2021-05-009: CertUtil With Decode Argument - MITRE ni, Reference - CAR-2021-05-010: Create local admin accounts using net exe - MITRE ni, Reference - CAR-2021-05-011: Create Remote Thread into LSASS - MITRE ni

External Proxy c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.002

has super-classes
Proxy c
is also defined as
named individual

External Remote Services c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1133

has super-classes
Initial Access Technique c, Persistence Technique c
is also defined as
named individual

Extra Window Memory Injection c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.011

has super-classes
Process Injection c

Extra Window Memory Injection c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1181

has super-classes
Defense Evasion Technique c, Privilege Escalation Technique c

Fallback Channels c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1008

has super-classes
Command and Control Technique c
is also defined as
named individual

Fast Flux DNS c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1568.001

has super-classes
Dynamic Resolution c

Feature Assessment c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FeatureAssessment

has super-classes
Assessment c
has sub-classes
Admin Feature Assessment c, Defensive Technique Assessment c

File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#File

has super-classes
Resource c
has sub-classes
Archive File c, Certificate File c, Configuration File c, Container Image c, Database File c, Document File c, Executable File c, Log File c, NTFS Link c, Object File c, Operating System File c, Password File c, Shortcut File c, Software Library File c, Symbolic Link c
is also defined as
named individual

File Access Pattern Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileAccessPatternAnalysis

has super-classes
Process Analysis c
is also defined as
named individual

File Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileAnalysis

has super-classes
Defensive Technique c
has sub-classes
Dynamic Analysis c, Emulated File Analysis c, File Content Rules c, File Hashing c
has members
Dynamic Analysis ni, Emulated File Analysis ni, File Content Rules ni, File Hashing ni
is also defined as
named individual

File and Directory Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1083

has super-classes
Discovery Technique c
is also defined as
named individual

File and Directory Permissions Modification c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1222

has super-classes
Defense Evasion Technique c
has sub-classes
Linux and Mac File and Directory Permissions Modification c, Windows File and Directory Permissions Modification c
is also defined as
named individual

File Carving c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileCarving

has super-classes
Network Traffic Analysis c
is also defined as
named individual

File Content Rules c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileContentRules

has super-classes
File Analysis c
is also defined as
named individual

File Creation Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileCreationAnalysis

has super-classes
System Call Analysis c
is also defined as
named individual

File Deletion c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.004

has super-classes
Indicator Removal on Host c
is also defined as
named individual

File Deletion c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1107

has super-classes
Defense Evasion Technique c

File Encryption c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileEncryption

has super-classes
Platform Hardening c
is also defined as
named individual

File Eviction c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileEviction

has super-classes
Defensive Technique c
has sub-classes
File Removal c
has members
File Removal ni
is also defined as
named individual

File Hash c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileHash

has super-classes
Identifier c
is also defined as
named individual

File Hash Reputation Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileHashReputationAnalysis

has super-classes
Identifier Reputation Analysis c
is also defined as
named individual

File Hashing c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileHashing

has super-classes
File Analysis c
is also defined as
named individual

File Path Open Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FilePathOpenFunction

has super-classes
Subroutine c
is also defined as
named individual

File Removal c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileRemoval

has super-classes
File Eviction c
has sub-classes
Email Removal c
has members
Email Removal ni
is also defined as
named individual

File Section c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSection

has super-classes
Digital Artifact c
has sub-classes
Image Segment c, Resource Fork c
is also defined as
named individual

File Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileServer

has super-classes
Server c
is also defined as
named individual

File Share Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileShareService

has super-classes
Network Service c

File System c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSystem

has super-classes
Digital Artifact c
is also defined as
named individual

File System Metadata c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSystemMetadata

has super-classes
Metadata c
is also defined as
named individual

File System Permissions Weakness c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1044

has super-classes
Persistence Technique c, Privilege Escalation Technique c

File System Sensor c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSystemSensor

has super-classes
Endpoint Sensor c
is also defined as
named individual

File Transfer Network Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileTransferNetworkTraffic

has super-classes
Network Traffic c
has sub-classes
Internet File Transfer Traffic c, Intranet File Transfer Traffic c, Outbound Internet File Transfer Traffic c
is also defined as
named individual

File Transfer Protocols c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.002

has super-classes
Application Layer Protocol c
is also defined as
named individual

Finger Print Scanner Input Device c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FingerPrintScannerInputDevice

Is defined by
http://dbpedia.org/resource/Fingerprint#Fingerprint_sensors
has super-classes
Image Scanner Input Device c

Firewall c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Firewall

has super-classes
Network Node c
has sub-classes
Application Layer Firewall c

Firmware c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Firmware

has super-classes
Software c
has sub-classes
Microcode c, Peripheral Firmware c, System Firmware c
is also defined as
named individual

Firmware c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1592.003

has super-classes
Gather Victim Host Information c

Firmware Behavior Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareBehaviorAnalysis

has super-classes
Platform Monitoring c
is also defined as
named individual

Firmware Corruption c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1495

has super-classes
Impact Technique c

Firmware Embedded Monitoring Code c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareEmbeddedMonitoringCode

has super-classes
Platform Monitoring c
is also defined as
named individual

Firmware Sensor c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareSensor

has super-classes
Endpoint Sensor c
is also defined as
named individual

Firmware Verification c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareVerification

has super-classes
Platform Monitoring c
has sub-classes
Peripheral Firmware Verification c, System Firmware Verification c
has members
Peripheral Firmware Verification ni, System Firmware Verification ni
is also defined as
named individual

First-stage Boot Loader c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#First-stageBootLoader

has super-classes
Boot Loader c

Flash Memory c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FlashMemory

Is defined by
https://dbpedia.org/page/Flash_memory
has super-classes
Secondary Storage c

Forced Authentication c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1187

has super-classes
Credential Access Technique c
is also defined as
named individual

Forge Web Credentials c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1606

has super-classes
Credential Access Technique c
has sub-classes
SAML Tokens c, Web Cookies c

Forward Proxy Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ForwardProxyServer

Is defined by
http://dbpedia.org/resource/Open_proxy
has super-classes
Proxy Server c

Forward Resolution Domain Denylisting c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ForwardResolutionDomainDenylisting

has super-classes
DNS Denylisting c
has sub-classes
Hierarchical Domain Denylisting c, Homoglyph Denylisting c
has members
Hierarchical Domain Denylisting ni, Homoglyph Denylisting ni
is also defined as
named individual

Forward Resolution IP Denylisting c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ForwardResolutionIPDenylisting

has super-classes
DNS Denylisting c
is also defined as
named individual

Free Memory c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FreeMemory

has super-classes
System Call c
is also defined as
named individual

Gatekeeper Bypass c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1144

has super-classes
Defense Evasion Technique c

Gatekeeper Bypass c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.001

has super-classes
Subvert Trust Controls c
is also defined as
named individual

Gather Victim Host Information c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1592

has super-classes
Reconnaissance Technique c
has sub-classes
Client Configurations c, Firmware c, Hardware c, Software c

Gather Victim Identity Information c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1589

has super-classes
Reconnaissance Technique c
has sub-classes
Credentials c, Email Addresses c, Employee Names c

Gather Victim Network Information c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1590

has super-classes
Reconnaissance Technique c
has sub-classes
DNS c, Domain Properties c, IP Addresses c, Network Security Appliances c, Network Topology c, Network Trust Dependencies c

Gather Victim Org Information c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1591

has super-classes
Reconnaissance Technique c
has sub-classes
Business Relationships c, Determine Physical Locations c, Identify Business Tempo c, Identify Roles c

Get Open Sockets c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetOpenSockets

has super-classes
System Call c
is also defined as
named individual

Get Open Windows c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetOpenWindows

has super-classes
System Call c
has members
get foreground window ni
is also defined as
named individual

Get Running Processes c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetRunningProcesses

has super-classes
System Call c
is also defined as
named individual

Get Screen Capture c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetScreenCapture

has super-classes
System Call c
is also defined as
named individual

Get System Config Value c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetSystemConfigValue

has super-classes
System Config System Call c
has sub-classes
Get System Network Config Value c
has members
reg open key a ni, reg open key ex a ni, reg open key ex w ni, reg open key transacted a ni, reg open key transacted w ni, reg open key w ni
is also defined as
named individual

Get System Network Config Value c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetSystemNetworkConfigValue

has super-classes
Get System Config Value c
is also defined as
named individual

Get System Time c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetSystemTime

has super-classes
System Call c
is also defined as
named individual

Global User Account c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GlobalUserAccount

has super-classes
Domain User Account c
is also defined as
named individual

Golden Ticket c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558.001

has super-classes
Steal or Forge Kerberos Tickets c
is also defined as
named individual

Graphical User Interface c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GraphicalUserInterface

has super-classes
User Interface c
is also defined as
named individual

Graphics Card Firmware c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GraphicsCardFirmware

has super-classes
Peripheral Firmware c

Graphics Processing Unit c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GraphicsProcessingUnit

has super-classes
Processor c

Group Policy c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GroupPolicy

has super-classes
Access Control Configuration c
is also defined as
named individual

Group Policy Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1615

has super-classes
Discovery Technique c
is also defined as
named individual

Group Policy Modification c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1484

has super-classes
Defense Evasion Technique c, Privilege Escalation Technique c
has sub-classes
Domain Trust Modification c, Group Policy Modification c
is also defined as
named individual

Group Policy Modification c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1484.001

has super-classes
Group Policy Modification c

Group Policy Preferences c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.006

has super-classes
Unsecured Credentials c
is also defined as
named individual

GUI Input Capture c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.002

has super-classes
Input Capture c
is also defined as
named individual

Guidance c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Guidance

has super-classes
Policy c

Guideline Reference c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GuidelineReference

has super-classes
Policy Reference c
has members
Reference - Audit User Account Management ni, Reference - Digital Identity Guidelines 800-63-3 ni, Reference - NIST Special Publication 800-160 Volume 1 - System Security Engineering ni, Reference - NIST Special Publication 800-37 Revision 2 - Risk Management Framework for Information Systems and Organizations ni, Reference - NIST Special Publication 800-53A Revision 5 - Assessing Security and Privacy Controls in Information Systems and Organizations ni, Reference - NISTIR 8011 Volume 1 - Automation Support for Security Control Assessments ni, Reference - Platform Firmware Resiliency Guidelines - NIST ni, Reference - Red Hat Enterprise Linux 8 Security Technical Implementation Guide ni, Reference - Securing Web Transactions ni, Reference - Securing Web Transactions TLS Server Certificate Management - Appendix A Passive Inspection ni, Reference - Windows 10 STIG ni

Hard Disk Firmware c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardDiskFirmware

has super-classes
Peripheral Firmware c

Harden c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Harden

has super-classes
Defensive Tactic c
is also defined as
named individual

Hardware c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1592.001

has super-classes
Gather Victim Host Information c

Hardware Additions c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1200

has super-classes
Initial Access Technique c
is also defined as
named individual

Hardware Component Inventory c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardwareComponentInventory

has super-classes
Asset Inventory c
is also defined as
named individual

Hardware Device c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardwareDevice

has super-classes
Digital Artifact c, Physical Artifact c
has sub-classes
Input Device c, Memory Management Unit Component c, Output Device c, Primary Storage c, Processor c, Processor Component c, Removable Media Device c, Secondary Storage c, Security Token c, Tertiary Storage c
is also defined as
named individual

Hardware Driver c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardwareDriver

has super-classes
Digital Artifact c
has sub-classes
Display Device Driver c
is also defined as
named individual

Hardware-based Process Isolation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Hardware-basedProcessIsolation

has super-classes
Execution Isolation c
is also defined as
named individual

Heap Segment c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HeapSegment

has super-classes
Process Segment c

Hidden File System c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.005

has super-classes
Hide Artifacts c
is also defined as
named individual

Hidden Files and Directories c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1158

has super-classes
Defense Evasion Technique c, Persistence Technique c

Hidden Files and Directories c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.001

has super-classes
Hide Artifacts c
is also defined as
named individual

Hidden Users c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1147

has super-classes
Defense Evasion Technique c

Hidden Users c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.002

has super-classes
Hide Artifacts c
is also defined as
named individual

Hidden Window c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1143

has super-classes
Defense Evasion Technique c

Hidden Window c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.003

has super-classes
Hide Artifacts c
is also defined as
named individual

Hide Artifacts c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564

has super-classes
Defense Evasion Technique c
has sub-classes
Email Hiding Rules c, Hidden File System c, Hidden Files and Directories c, Hidden Users c, Hidden Window c, NTFS File Attributes c, Process Argument Spoofing c, Resource Forking c, Run Virtual Instance c, VBA Stomping c

Hierarchical Domain Denylisting c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HierarchicalDomainDenylisting

has super-classes
Forward Resolution Domain Denylisting c
is also defined as
named individual

Hijack Execution Flow c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574

has super-classes
Defense Evasion Technique c, Persistence Technique c, Privilege Escalation Technique c
has sub-classes
COR_PROFILER c, DLL Search Order Hijacking c, DLL Side-Loading c, Dylib Hijacking c, Executable Installer File Permissions Weakness c, KernelCallbackTable c, LD_PRELOAD c, Path Interception by PATH Environment Variable c, Path Interception by Search Order Hijacking c, Path Interception by Unquoted Path c, Services File Permissions Weakness c, Services Registry Permissions Weakness c

HISTCONTROL c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1148

has super-classes
Defense Evasion Technique c

Homoglyph Denylisting c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HomoglyphDenylisting

has super-classes
Forward Resolution Domain Denylisting c
is also defined as
named individual

Homoglyph Detection c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HomoglyphDetection

has super-classes
Identifier Analysis c
is also defined as
named individual

Hooking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1179

has super-classes
Credential Access Technique c, Persistence Technique c, Privilege Escalation Technique c

Host c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Host

has super-classes
Network Node c
has sub-classes
Client Computer c, Server c
is also defined as
named individual

Host Configuration Sensor c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HostConfigurationSensor

has super-classes
Endpoint Sensor c
is also defined as
named individual

Host-based Firewall c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Host-basedFirewall

has super-classes
System Software c
is also defined as
named individual

Hostname c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Hostname

has super-classes
Identifier c
is also defined as
named individual

HTML File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HTMLFile

has super-classes
Document File c

HTML Smuggling c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.006

has super-classes
Obfuscated Files or Information c
is also defined as
named individual

Human Input Device Firmware c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HumanInputDeviceFirmware

has super-classes
Peripheral Firmware c

Identifier c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Identifier

has super-classes
Digital Artifact c
has sub-classes
Domain Name c, File Hash c, Hostname c, IP Address c, URL c
is in domain of
addresses op
is in range of
addressed-by op
is also defined as
named individual

Identifier Activity Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IdentifierActivityAnalysis

has super-classes
Identifier Analysis c
is also defined as
named individual

Identifier Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IdentifierAnalysis

has super-classes
Defensive Technique c
has sub-classes
Homoglyph Detection c, Identifier Activity Analysis c, Identifier Reputation Analysis c, URL Analysis c
has members
Homoglyph Detection ni, Identifier Activity Analysis ni, Identifier Reputation Analysis ni, URL Analysis ni
is also defined as
named individual

Identifier Reputation Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IdentifierReputationAnalysis

has super-classes
Identifier Analysis c
has sub-classes
Domain Name Reputation Analysis c, File Hash Reputation Analysis c, IP Reputation Analysis c, URL Reputation Analysis c
has members
Domain Name Reputation Analysis ni, File Hash Reputation Analysis ni, IP Reputation Analysis ni, URL Reputation Analysis ni
is also defined as
named individual

Identify Business Tempo c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1591.003

has super-classes
Gather Victim Org Information c

Identify Roles c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1591.004

has super-classes
Gather Victim Org Information c

IIS Components c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.004

has super-classes
Server Software Component c
is also defined as
named individual

Image Code Segment c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImageCodeSegment

has super-classes
Image Segment c
has members
AMD64 Code Segment ni, ARM32 Code Segment ni, X86 Code Segment ni
is also defined as
named individual

Image Data Segment c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImageDataSegment

has super-classes
Image Segment c
is also defined as
named individual

Image File Execution Options Injection c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1183

has super-classes
Defense Evasion Technique c, Persistence Technique c, Privilege Escalation Technique c

Image File Execution Options Injection c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.012

has super-classes
Event Triggered Execution c
is also defined as
named individual

Image Scanner Input Device c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImageScannerInputDevice

Is defined by
http://dbpedia.org/resource/Image_scanner
has super-classes
Video Input Device c
has sub-classes
Barcode Scanner Input Device c, Finger Print Scanner Input Device c

Image Segment c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImageSegment

has super-classes
Binary Segment c, File Section c
has sub-classes
Image Code Segment c, Image Data Segment c

Impact c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Impact

has super-classes
Offensive Tactic c
is also defined as
named individual

Impact Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImpactTechnique

has super-classes
Offensive Technique c
has sub-classes
Account Access Removal c, Data Destruction c, Data Encrypted for Impact c, Data Manipulation c, Defacement c, Disk Content Wipe c, Disk Structure Wipe c, Disk Wipe c, Endpoint Denial of Service c, Firmware Corruption c, Inhibit System Recovery c, Network Denial of Service c, Resource Hijacking c, Runtime Data Manipulation c, Service Stop c, Stored Data Manipulation c, System Shutdown/Reboot c, Transmitted Data Manipulation c
is also defined as
named individual

Impair Command History Logging c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.003

has super-classes
Impair Defenses c
is also defined as
named individual

Impair Defenses c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562

has super-classes
Defense Evasion Technique c
has sub-classes
Disable Cloud Logs c, Disable Windows Event Logging c, Disable or Modify Cloud Firewall c, Disable or Modify System Firewall c, Disable or Modify Tools c, Downgrade Attack c, Impair Command History Logging c, Indicator Blocking c, Safe Mode Boot c

Impersonate User c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImpersonateUser

has super-classes
System Call c
has members
Impersonate User ni
is also defined as
named individual

Implant Container Image c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1525

has super-classes
Persistence Technique c
is also defined as
named individual

Import Library Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImportLibraryFunction

has super-classes
Subroutine c
is also defined as
named individual

Improper Authentication c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-287

has super-classes
Weakness c
is also defined as
named individual

Improper Control of Generation of Code ('Code Injection') c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-94

has super-classes
Weakness c
is also defined as
named individual

Improper Input Validation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-20

has super-classes
Weakness c
is also defined as
named individual

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-22

has super-classes
Weakness c
is also defined as
named individual

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-79

has super-classes
Weakness c
is also defined as
named individual

Improper Neutralization of Special Elements used in a Command ('Command Injection') c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-77

has super-classes
Weakness c
is also defined as
named individual

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-78

has super-classes
Weakness c
is also defined as
named individual

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-89

has super-classes
Weakness c
is also defined as
named individual

Improper Restriction of Operations within the Bounds of a Memory Buffer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-119

has super-classes
Weakness c
is also defined as
named individual

Improper Restriction of XML External Entity Reference c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-611

has super-classes
Weakness c
is also defined as
named individual

In-memory Password Store c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#In-memoryPasswordStore

has super-classes
Password Store c
is also defined as
named individual

Inbound Internet DNS Response Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundInternetDNSResponseTraffic

has super-classes
Inbound Internet Network Traffic c
is also defined as
named individual

Inbound Internet Mail Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundInternetMailTraffic

has super-classes
Inbound Internet Network Traffic c, Inbound Network Traffic c, Mail Network Traffic c
is also defined as
named individual

Inbound Internet Network Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundInternetNetworkTraffic

has super-classes
Inbound Network Traffic c, Internet Network Traffic c
has sub-classes
Inbound Internet DNS Response Traffic c, Inbound Internet Mail Traffic c
is also defined as
named individual

Inbound Network Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundNetworkTraffic

has super-classes
Network Traffic c
has sub-classes
Inbound Internet Mail Traffic c, Inbound Internet Network Traffic c
is also defined as
named individual

Inbound Session Volume Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundSessionVolumeAnalysis

has super-classes
Network Traffic Analysis c
is also defined as
named individual

Inbound Traffic Filtering c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundTrafficFiltering

has super-classes
Network Traffic Filtering c
is also defined as
named individual

Incorrect Default Permissions c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-276

has super-classes
Weakness c
is also defined as
named individual

Indicator Blocking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1054

has super-classes
Defense Evasion Technique c

Indicator Blocking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.006

has super-classes
Impair Defenses c

Indicator Removal from Tools c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.005

has super-classes
Obfuscated Files or Information c

Indicator Removal from Tools c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1066

has super-classes
Defense Evasion Technique c

Indicator Removal on Host c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070

has super-classes
Defense Evasion Technique c
has sub-classes
Clear Command History c, Clear Linux or Mac System Logs c, Clear Windows Event Logs c, File Deletion c, Network Share Connection Removal c, Timestomp c

Indirect Branch Call Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IndirectBranchCallAnalysis

has super-classes
Process Analysis c
is also defined as
named individual

Indirect Command Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1202

has super-classes
Defense Evasion Technique c

Information Content Entity c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InformationContentEntity

Is defined by
BFO, Cyc equiv, SUMO equiv, [Ontology Works] equiv
has super-classes
D3FEND Catalog Thing c
has sub-classes
Catalog c, Document c, External Knowledge Base c, License c, Source Code c
is in range of
cites op

Ingress Tool Transfer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1105

has super-classes
Command and Control Technique c
is also defined as
named individual

Inhibit System Recovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1490

has super-classes
Impact Technique c

Init Script c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InitScript

has super-classes
Executable Script c
has sub-classes
Network Init Script File Resource c, User Init Script c

Initial Access c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InitialAccess

has super-classes
Offensive Tactic c
is also defined as
named individual

Initial Access Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InitialAccessTechnique

has super-classes
Offensive Technique c
has sub-classes
Drive-by Compromise c, Exploit Public-Facing Application c, External Remote Services c, Hardware Additions c, Phishing c, Replication Through Removable Media c, Spearphishing Attachment c, Spearphishing Link c, Spearphishing via Service c, Supply Chain Compromise c, Trusted Relationship c, Valid Accounts c
is also defined as
named individual

Input Capture c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056

has super-classes
Collection Technique c, Credential Access Technique c
has sub-classes
Credential API Hooking c, GUI Input Capture c, Keylogging c, Web Portal Capture c

Input Device c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InputDevice

has super-classes
Hardware Device c, Local Resource c
has sub-classes
Audio Input Device c, Keyboard Input Device c, Mouse Input Device c, Video Input Device c
is also defined as
named individual

Input Device Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InputDeviceAnalysis

has super-classes
Operating System Monitoring c
is also defined as
named individual

Input Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InputFunction

has super-classes
Subroutine c
has sub-classes
User Input Function c

Input Prompt c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1141

has super-classes
Credential Access Technique c

Install Digital Certificate c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1608.003

has super-classes
Stage Capabilities c

Install Root Certificate c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1130

has super-classes
Defense Evasion Technique c

Install Root Certificate c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.004

has super-classes
Subvert Trust Controls c
is also defined as
named individual

InstallUtil c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1118

has super-classes
Defense Evasion Technique c, Execution Technique c

InstallUtil Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.004

has super-classes
Signed Binary Proxy Execution c

Instant Messaging Client c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InstantMessagingClient

Is defined by
https://dbpedia.org/wiki/Instant_messaging
has super-classes
Collaborative Software c

Integer Overflow or Wraparound c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-190

has super-classes
Weakness c
is also defined as
named individual

Integrated Honeynet c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntegratedHoneynet

has super-classes
Decoy Environment c
is also defined as
named individual

Integration Test Execution Tool c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntegrationTestExecutionTool

has super-classes
Test Execution Tool c

Inter-Process Communication Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1559

has super-classes
Execution Technique c
has sub-classes
Component Object Model Execution c, Dynamic Data Exchange Execution c, XPC Services c
is also defined as
named individual

Internal Defacement c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1491.001

has super-classes
Defacement c
is also defined as
named individual

Internal Proxy c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.001

has super-classes
Proxy c
is also defined as
named individual

Internal Spearphishing c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1534

has super-classes
Lateral Movement Technique c
is also defined as
named individual

Internet Article c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetArticle

has super-classes
News Article c
is also defined as
named individual

Internet Article Reference c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetArticleReference

has super-classes
Technique Reference c
has members
Reference - Catia UAF Plugin ni, Reference - Configure User Access Control and Permissions ni, Reference - Cyber Command System (CYCS) ni, Reference - Dagger Fact Sheet ni, Reference - Decoy Personas for Safeguarding Online Identity Using Deception - MITRE ni, Reference - Detection of Malicious IDNHomoglyph Domains ni, Reference - FWTK - Firewall Toolkit ni, Reference - How ASLR protects Linux systems from buffer overflow attacks - Network World ni, Reference - How Does Antivirus Quarantine Work? - Safety Detectives ni, Reference - How to change registry values or permissions from a command line or a script ni, Reference - How trust relationships work for resource forests in Azure Active Directory Domain Services ni, Reference - MGT516: Managing Security Vulnerabilities: Enterprise and Cloud ni, Reference - NIST RMF Quick Start Guide - Assess Step - Frequently Asked Questions (FAQ) ni, Reference - Overview of the seccomp sandbox ni, Reference - Pointer Authentication Project Zero ni, Reference - Security Technologies: Stack Smashing Protection (StackGuard) - Red Hat ni, Reference - Tenable Passive Network Monitoring ni, Reference - The Pyramid of Pain - David Bianco ni, Reference - What is NX/XD feature? ni, Reference - http://www.biometric-solutions.com/keystroke-dynamics.html - biometric-solutions.com ni

Internet Connection Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1016.001

has super-classes
System Network Configuration Discovery c

Internet DNS Lookup c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetDNSLookup

has super-classes
DNS Lookup c

Internet File Transfer Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetFileTransferTraffic

has super-classes
File Transfer Network Traffic c, Internet Network Traffic c

Internet Network c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetNetwork

Is defined by
http://dbpedia.org/resource/Internetworking
has super-classes
Network c

Internet Network Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetNetworkTraffic

has super-classes
Network Traffic c
has sub-classes
Inbound Internet Network Traffic c, Internet File Transfer Traffic c, Outbound Internet Network Traffic c
is also defined as
named individual

Interprocess Communication c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InterprocessCommunication

has super-classes
Digital Artifact c
has sub-classes
Pipe c
is also defined as
named individual

Intranet Administrative Network Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetAdministrativeNetworkTraffic

has super-classes
Administrative Network Traffic c, Intranet Network Traffic c
is also defined as
named individual

Intranet DNS Lookup c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetDNSLookup

has super-classes
DNS Lookup c

Intranet File Transfer Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetFileTransferTraffic

has super-classes
File Transfer Network Traffic c, Intranet Network Traffic c
is also defined as
named individual

Intranet IPC Network Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetIPCNetworkTraffic

has super-classes
IPC Network Traffic c, Intranet Network Traffic c
is also defined as
named individual

Intranet Multicast Network Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetMulticastNetworkTraffic

has super-classes
Intranet Network Traffic c
is also defined as
named individual

Intranet Network c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetNetwork

has super-classes
Network c
is also defined as
named individual

Intranet Network Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetNetworkTraffic

has super-classes
Network Traffic c
has sub-classes
Intranet Administrative Network Traffic c, Intranet File Transfer Traffic c, Intranet IPC Network Traffic c, Intranet Multicast Network Traffic c, Intranet RPC Network Traffic c, Intranet Web Network Traffic c, Local Area Network Traffic c
is also defined as
named individual

Intranet RPC Network Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetRPCNetworkTraffic

has super-classes
Intranet Network Traffic c, RPC Network Traffic c

Intranet Web Network Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetWebNetworkTraffic

has super-classes
Intranet Network Traffic c, Web Network Traffic c
is also defined as
named individual

Intrusion Detection System c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntrusionDetectionSystem

Is defined by
http://dbpedia.org/resource/Intrusion_detection_system
has super-classes
Digital Artifact c
has sub-classes
Intrusion Prevention System c

Intrusion Prevention System c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntrusionPreventionSystem

Is defined by
http://dbpedia.org/resource/Intrusion_detection_system#Intrusion_prevention
has super-classes
Intrusion Detection System c

Invalid Code Signature c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.001

has super-classes
Masquerading c
is also defined as
named individual

IO Port Restriction c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IOPortRestriction

has super-classes
Execution Isolation c
is also defined as
named individual

IP Address c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPAddress

has super-classes
Identifier c
is also defined as
named individual

IP Addresses c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1590.005

has super-classes
Gather Victim Network Information c

IP Phone c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPPhone

Is defined by
http://dbpedia.org/resource/VoIP_phone
has super-classes
Personal Computer c

IP Reputation Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPReputationAnalysis

has super-classes
Identifier Reputation Analysis c
is also defined as
named individual

IPC Network Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPCNetworkTraffic

has super-classes
Network Traffic c
has sub-classes
Intranet IPC Network Traffic c

IPC Traffic Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPCTrafficAnalysis

has super-classes
Network Traffic Analysis c
is also defined as
named individual

Isolate c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Isolate

has super-classes
Defensive Tactic c
is also defined as
named individual

Java Archive c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#JavaArchive

has super-classes
Archive File c, Software Package c

JavaScript Blob c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#JavaScriptBlob

has super-classes
Binary Large Object c
is also defined as
named individual

JavaScript/JScript c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.007

has super-classes
Command and Scripting Interpreter Execution c

Job Function Access Pattern Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#JobFunctionAccessPatternAnalysis

has super-classes
User Behavior Analysis c
is also defined as
named individual

Journal Article c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#JournalArticle

has super-classes
Academic Article c

Junk Data c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1001.001

has super-classes
Data Obfuscation c

Kerberoasting c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1208

has super-classes
Credential Access Technique c

Kerberoasting c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558.003

has super-classes
Steal or Forge Kerberos Tickets c
is also defined as
named individual

Kerberos Ticket c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KerberosTicket

has super-classes
Access Token c
has sub-classes
Kerberos Ticket Granting Service Ticket c, Kerberos Ticket Granting Ticket c
is also defined as
named individual

Kerberos Ticket Granting Service Ticket c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KerberosTicketGrantingServiceTicket

has super-classes
Kerberos Ticket c

Kerberos Ticket Granting Ticket c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KerberosTicketGrantingTicket

has super-classes
Kerberos Ticket c, Ticket Granting Ticket c
is also defined as
named individual

Kernel c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Kernel

has super-classes
System Software c
is also defined as
named individual

Kernel API Sensor c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KernelAPISensor

has super-classes
Endpoint Sensor c
is also defined as
named individual

Kernel Module c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KernelModule

has super-classes
Object File c
is also defined as
named individual

Kernel Modules and Extensions c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1215

has super-classes
Persistence Technique c

Kernel Modules and Extensions c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.006

has super-classes
Boot or Logon Autostart Execution c
is also defined as
named individual

Kernel Process Table c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KernelProcessTable

has super-classes
Digital Artifact c
is also defined as
named individual

Kernel-based Process Isolation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Kernel-basedProcessIsolation

has super-classes
Execution Isolation c
has sub-classes
Mandatory Access Control c, System Call Filtering c
has members
Mandatory Access Control ni, System Call Filtering ni
is also defined as
named individual

KernelCallbackTable c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.013

has super-classes
Hijack Execution Flow c

Keyboard Input Device c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KeyboardInputDevice

has super-classes
Input Device c
is also defined as
named individual

Keychain c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1142

has super-classes
Credential Access Technique c
is also defined as
named individual

Keychain c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.001

has super-classes
Credentials from Password Stores c
is also defined as
named individual

Keylogging c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.001

has super-classes
Input Capture c
is also defined as
named individual

Kiosk Computer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KioskComputer

Is defined by
http://dbpedia.org/resource/Interactive_kiosk
has super-classes
Shared Computer c

Laptop Computer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LaptopComputer

Is defined by
http://dbpedia.org/resource/Laptop
has super-classes
Personal Computer c

Latency c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Latency

has super-classes
D3FEND Thing c
has sub-classes
Analytic Latency c, Eviction Latency c

Lateral Movement c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LateralMovement

has super-classes
Offensive Tactic c
is also defined as
named individual

Lateral Movement Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LateralMovementTechnique

has super-classes
Offensive Technique c
has sub-classes
Application Access Token c, Application Deployment Software c, Exploitation of Remote Services c, Internal Spearphishing c, Lateral Tool Transfer c, Pass the Hash c, Pass the Ticket c, Remote Desktop Protocol c, Remote Service Session Hijacking c, Remote Services c, Replication Through Removable Media c, SSH Hijacking c, Software Deployment Tools Execution c, Taint Shared Content c, Use Alternate Authentication Material c, Web Session Cookie c, Windows Admin Shares c, Windows Remote Management c
is also defined as
named individual

Lateral Tool Transfer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1570

has super-classes
Lateral Movement Technique c
is also defined as
named individual

Launch Agent c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1159

has super-classes
Persistence Technique c

Launch Agent c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.001

has super-classes
Create or Modify System Process c
is also defined as
named individual

Launch Daemon c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1160

has super-classes
Persistence Technique c, Privilege Escalation Technique c

Launch Daemon c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.004

has super-classes
Create or Modify System Process c
is also defined as
named individual

Launchctl c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1152

has super-classes
Defense Evasion Technique c, Execution Technique c, Persistence Technique c

Launchctl c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1569.001

has super-classes
System Services c

Launchd c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053.004

has super-classes
Scheduled Task/Job Execution c
is also defined as
named individual

LC_LOAD_DYLIB Addition c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1161

has super-classes
Persistence Technique c

LC_LOAD_DYLIB Addition c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.006

has super-classes
Event Triggered Execution c
is also defined as
named individual

LD_PRELOAD c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.006

has super-classes
Hijack Execution Flow c
is also defined as
named individual

Legacy System c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LegacySystem

has super-classes
Digital System c
is also defined as
named individual

License c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#License

has super-classes
Information Content Entity c
has sub-classes
Open Source License c, Proprietary License c

Link Target c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1608.005

has super-classes
Stage Capabilities c

Linux and Mac File and Directory Permissions Modification c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1222.002

has super-classes
File and Directory Permissions Modification c

ListPlanting c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.015

has super-classes
Process Injection c

LLMNR/NBT-NS Poisoning and Relay c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1171

has super-classes
Credential Access Technique c

LLMNR/NBT-NS Poisoning and SMB Relay c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1557.001

has super-classes
Man-in-the-Middle c
is also defined as
named individual

Local Account c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087.001

has super-classes
Create Account c
is also defined as
named individual

Local Account c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1136.001

has super-classes
Create Account c

Local Account Monitoring c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAccountMonitoring

has super-classes
User Behavior Analysis c
is also defined as
named individual

Local Accounts c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.003

has super-classes
Valid Accounts c
is also defined as
named individual

Local Area Network c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAreaNetwork

has super-classes
Network c
is also defined as
named individual

Local Area Network Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAreaNetworkTraffic

has super-classes
Intranet Network Traffic c
is also defined as
named individual

Local Authentication Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAuthenticationService

has super-classes
Authentication Service c, System Service Software c

Local Authorization Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAuthorizationService

has super-classes
Authorization Service c, System Service Software c

Local Data Staging c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1074.001

has super-classes
Data Staged c
is also defined as
named individual

Local Email Collection c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114.001

has super-classes
Email Collection c
is also defined as
named individual

Local File Permissions c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalFilePermissions

has super-classes
Platform Hardening c
is also defined as
named individual

Local Groups c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1069.001

has super-classes
Permission Groups Discovery c

Local Job Scheduling c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1168

has super-classes
Execution Technique c, Persistence Technique c

Local Resource c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalResource

has super-classes
Resource c
has sub-classes
Input Device c, Startup Directory c, System Configuration Init Resource c, User Logon Init Resource c
is also defined as
named individual

Local Resource Access c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalResourceAccess

has super-classes
Resource Access c
is also defined as
named individual

Local User Account c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalUserAccount

has super-classes
User Account c
is also defined as
named individual

Log c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Log

has super-classes
Digital Artifact c
has sub-classes
Authentication Log c, Authorization Log c, Event Log c, Packet Log c
is also defined as
named individual

Log File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LogFile

has super-classes
File c
has sub-classes
Command History Log File c, Operating System Log File c
is also defined as
named individual

Log Message Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LogMessageFunction

has super-classes
Subroutine c

Logical Link Mapping c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LogicalLinkMapping

has super-classes
Network Mapping c
has sub-classes
Active Logical Link Mapping c, Passive Logical Link Mapping c
has members
Active Logical Link Mapping ni, Passive Logical Link Mapping ni
is also defined as
named individual

Login Item c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1162

has super-classes
Persistence Technique c

Login Items c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.015

has super-classes
Boot or Logon Autostart Execution c
is also defined as
named individual

Login Session c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LoginSession

has super-classes
Session c
has sub-classes
Remote Session c
is also defined as
named individual

Logon Script (Mac) c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.002

has super-classes
Boot or Logon Initialization Scripts c
is also defined as
named individual

Logon Script (Windows) c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.001

has super-classes
Boot or Logon Initialization Scripts c
is also defined as
named individual

Logon User c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LogonUser

has super-classes
System Call c
is also defined as
named individual

LSA Secrets c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.004

has super-classes
OS Credential Dumping c
is also defined as
named individual

LSASS Driver c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1177

has super-classes
Execution Technique c, Persistence Technique c

LSASS Driver c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.008

has super-classes
Boot or Logon Autostart Execution c
is also defined as
named individual

LSASS Memory c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.001

has super-classes
OS Credential Dumping c
is also defined as
named individual

MacOS Keychain c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MacOSKeychain

has super-classes
Password Store c
is also defined as
named individual

Mail Network Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MailNetworkTraffic

has super-classes
Network Traffic c
has sub-classes
Inbound Internet Mail Traffic c
is also defined as
named individual

Mail Protocols c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.003

has super-classes
Application Layer Protocol c
is also defined as
named individual

Mail Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MailServer

has super-classes
Server c
is also defined as
named individual

Mail Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MailService

has super-classes
Network Service c
has sub-classes
Message Transfer Agent c

Make and Impersonate Token c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.003

has super-classes
Access Token Manipulation c
is also defined as
named individual

Malicious File Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1204.002

has super-classes
User Execution c
is also defined as
named individual

Malicious Image c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1204.003

has super-classes
User Execution c

Malicious Link Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1204.001

has super-classes
User Execution c
is also defined as
named individual

Malicious Shell Modification c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1156

has super-classes
Persistence Technique c

Malware c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1587.001

has super-classes
Develop Capabilities c

Malware c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1588.001

has super-classes
Obtain Capabilities c

Man in the Browser c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1185

has super-classes
Collection Technique c
is also defined as
named individual

Man-in-the-Middle c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1557

has super-classes
Collection Technique c, Credential Access Technique c
has sub-classes
ARP Cache Poisoning c, DHCP Spoofing c, LLMNR/NBT-NS Poisoning and SMB Relay c
is also defined as
named individual

Mandatory Access Control c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MandatoryAccessControl

has super-classes
Kernel-based Process Isolation c
is also defined as
named individual

Mark-of-the-Web Bypass c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.005

has super-classes
Subvert Trust Controls c

Masquerade Task or Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.004

has super-classes
Masquerading c
is also defined as
named individual

Masquerading c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036

has super-classes
Defense Evasion Technique c
has sub-classes
Double File Extension c, Invalid Code Signature c, Masquerade Task or Service c, Match Legitimate Name or Location c, Rename System Utilities c, Right-to-Left Override c, Space after Filename c

Match Legitimate Name or Location c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.005

has super-classes
Masquerading c
is also defined as
named individual

Mathematical Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MathematicalFunction

has super-classes
Subroutine c
is also defined as
named individual

Mavinject c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.013

has super-classes
Signed Binary Proxy Execution c
is also defined as
named individual

Media Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MediaServer

Is defined by
http://dbpedia.org/resource/Media_server
has super-classes
Server c

Memory Address c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryAddress

has super-classes
Digital Artifact c
has sub-classes
Physical Address c, Virtual Address c
is also defined as
named individual

Memory Address Space c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryAddressSpace

has super-classes
Address Space c
has sub-classes
Virtual Memory Space c
is also defined as
named individual

Memory Allocation Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryAllocationFunction

has super-classes
Subroutine c
is also defined as
named individual

Memory Block c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryBlock

has super-classes
Memory Extent c
has sub-classes
Page c, Page Frame c, Tertiary Storage c
is also defined as
named individual

Memory Boundary Tracking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryBoundaryTracking

has super-classes
Operating System Monitoring c
is also defined as
named individual

Memory Extent c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryExtent

has super-classes
Digital Artifact c
has sub-classes
Memory Block c, Memory Pool c, Memory Word c

Memory Free Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryFreeFunction

has super-classes
Subroutine c
is also defined as
named individual

Memory Management Unit c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryManagementUnit

has super-classes
Processor Component c
is also defined as
named individual

Memory Management Unit Component c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryManagementUnitComponent

has super-classes
Hardware Device c
has sub-classes
Translation Lookaside Buffer c

Memory Pool c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryPool

has super-classes
Memory Extent c
is also defined as
named individual

Memory Protection Unit c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryProtectionUnit

has super-classes
Processor Component c
is also defined as
named individual

Memory Word c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryWord

has super-classes
Memory Extent c
is also defined as
named individual

Message Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageAnalysis

has super-classes
Defensive Technique c
has sub-classes
Sender MTA Reputation Analysis c, Sender Reputation Analysis c
has members
Sender MTA Reputation Analysis ni, Sender Reputation Analysis ni
is also defined as
named individual

Message Authentication c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageAuthentication

has super-classes
Message Hardening c
is also defined as
named individual

Message Encryption c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageEncryption

has super-classes
Message Hardening c
is also defined as
named individual

Message Hardening c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageHardening

has super-classes
Defensive Technique c
has sub-classes
Message Authentication c, Message Encryption c, Transfer Agent Authentication c
has members
Message Authentication ni, Message Encryption ni, Transfer Agent Authentication ni
is also defined as
named individual

Message Transfer Agent c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageTransferAgent

has super-classes
Mail Service c
is also defined as
named individual

Metadata c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Metadata

Is defined by
http://dbpedia.org/resource/Metadata
has super-classes
Digital Artifact c
has sub-classes
File System Metadata c

Microcode c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Microcode

Is defined by
http://dbpedia.org/resource/Microcode
has super-classes
Firmware c

Missing Authentication for Critical Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-306

has super-classes
Weakness c

Missing Authorization c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-862

Broad and could apply to all resource accesses.
has super-classes
Weakness c

MMC c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.014

has super-classes
Signed Binary Proxy Execution c
is also defined as
named individual

Mobile Phone c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MobilePhone

Is defined by
http://dbpedia.org/resource/Mobile_phone
has super-classes
Personal Computer c

Model c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Model

has super-classes
Defensive Tactic c
is also defined as
named individual

Modem c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Modem

Is defined by
http://dbpedia.org/resource/Modem
has super-classes
Network Node c
has sub-classes
Dial Up Modem c, Optical Modem c, Radio Modem c

Modify Authentication Process c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556

has super-classes
Credential Access Technique c, Defense Evasion Technique c
has sub-classes
Domain Controller Authentication c, Network Device Authentication c, Password Filter DLL c, Pluggable Authentication Modules c, Reversible Encryption c
is also defined as
named individual

Modify Cloud Compute Infrastructure c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1578

has super-classes
Defense Evasion Technique c
has sub-classes
Create Cloud Instance c, Create Snapshot c, Delete Cloud Instance c, Revert Cloud Instance c

Modify Existing Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1031

has super-classes
Persistence Technique c

Modify Registry c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1112

has super-classes
Defense Evasion Technique c
is also defined as
named individual

Modify System Image c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1601

has super-classes
Defense Evasion Technique c
has sub-classes
Downgrade System Image c, Patch System Image c

Monitoring c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Monitoring

Is defined by
http://wordnet-rdf.princeton.edu/id/00881724-n
has super-classes
D3FEND Thing c

Mouse Input Device c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MouseInputDevice

Is defined by
http://dbpedia.org/resource/Computer_mouse
has super-classes
Input Device c

Move File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MoveFile

has super-classes
System Call c
is also defined as
named individual

MSBuild c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1127.001

has super-classes
Trusted Developer Utilities Proxy Execution c
is also defined as
named individual

Mshta c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1170

has super-classes
Defense Evasion Technique c, Execution Technique c

Mshta Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.005

has super-classes
Signed Binary Proxy Execution c

Msiexec Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.007

has super-classes
Signed Binary Proxy Execution c

Multi-factor Authentication c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Multi-factorAuthentication

has super-classes
Credential Hardening c
is also defined as
named individual

Multi-Factor Authentication Request Generation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1621

has super-classes
Credential Access Technique c

Multi-hop Proxy c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.003

has super-classes
Proxy c
is also defined as
named individual

Multi-hop Proxy c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1188

has super-classes
Command and Control Technique c

Multi-Stage Channels c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1104

has super-classes
Command and Control Technique c
is also defined as
named individual

Multilayer Encryption c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1079

has super-classes
Command and Control Technique c

Multimedia Document File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MultimediaDocumentFile

has super-classes
Document File c
is also defined as
named individual

Native API Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1106

has super-classes
Execution Technique c
is also defined as
named individual

Netsh Helper DLL c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1128

has super-classes
Persistence Technique c

Netsh Helper DLL c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.007

has super-classes
Event Triggered Execution c
is also defined as
named individual

Network c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Network

has super-classes
Digital Artifact c
has sub-classes
Internet Network c, Intranet Network c, Local Area Network c, Wide Area Network c
is also defined as
named individual

Network Address Translation Traversal c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1599.001

has super-classes
Network Boundary Bridging c

Network Agent c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CollectorAgent

has super-classes
Software c
is also defined as
named individual

Network Boundary Bridging c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1599

has super-classes
Defense Evasion Technique c
has sub-classes
Network Address Translation Traversal c

Network Card Firmware c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkCardFirmware

has super-classes
Peripheral Firmware c

Network Denial of Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1498

has super-classes
Impact Technique c
has sub-classes
Direct Network Flood c, Reflection Amplification c, Service Exhaustion Flood c

Network Device Authentication c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.004

has super-classes
Modify Authentication Process c

Network Device CLI c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.008

has super-classes
Command and Scripting Interpreter Execution c

Network Device Configuration Dump c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1602.002

has super-classes
Data from Configuration Repository c

Network Directory Resource c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkDirectoryResource

has super-classes
Network File Share Resource c
is also defined as
named individual

Network File Resource c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFileResource

has super-classes
Network File Share Resource c
has sub-classes
Network Init Script File Resource c, Web File Resource c
is also defined as
named individual

Network File Share Resource c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFileShareResource

has super-classes
Network Resource c
has sub-classes
Network Directory Resource c, Network File Resource c
is also defined as
named individual

Network Flow c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFlow

has super-classes
Digital Artifact c
is also defined as
named individual

Network Flow Sensor c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFlowSensor

has super-classes
Network Sensor c
is also defined as
named individual

Network Init Script File Resource c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkInitScriptFileResource

has super-classes
Init Script c, Network File Resource c
is also defined as
named individual

Network Isolation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkIsolation

has super-classes
Defensive Technique c
has sub-classes
Broadcast Domain Isolation c, DNS Allowlisting c, DNS Denylisting c, Encrypted Tunnels c, Network Traffic Filtering c
has members
Broadcast Domain Isolation ni, DNS Allowlisting ni, DNS Denylisting ni, Encrypted Tunnels ni, Network Traffic Filtering ni
is also defined as
named individual

Network Logon Script c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.003

has super-classes
Boot or Logon Initialization Scripts c
is also defined as
named individual

Network Mapping c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkMapping

has super-classes
Defensive Technique c
has sub-classes
Logical Link Mapping c, Network Traffic Policy Mapping c, Network Vulnerability Assessment c, Physical Link Mapping c
has members
Logical Link Mapping ni, Network Traffic Policy Mapping ni, Network Vulnerability Assessment ni, Physical Link Mapping ni
is also defined as
named individual

Network Node c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkNode

has super-classes
Digital Artifact c
has sub-classes
Firewall c, Host c, Modem c, Proxy Server c, RF Node c, Router c, Switch c, Wireless Access Point c
is also defined as
named individual

Network Node Inventory c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkNodeInventory

has super-classes
Asset Inventory c
is also defined as
named individual

Network Packet c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkPackets

has super-classes
Network Traffic c
is also defined as
named individual

Network Printer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkPrinter

Is defined by
http://dbpedia.org/resource/Printer_(computing)
has super-classes
Shared Computer c

Network Protocol Analyzer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkProtocolAnalyzer

has super-classes
Network Sensor c
is also defined as
named individual

Network Resource c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkResource

has super-classes
Remote Resource c
has sub-classes
Network File Share Resource c, Server c
is in range of
accesses op
is also defined as
named individual

Network Resource Access c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkResourceAccess

has super-classes
Resource Access c
has sub-classes
Web Resource Access c
is also defined as
named individual

Network Security Appliances c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1590.006

has super-classes
Gather Victim Network Information c

Network Sensor c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkSensor

has super-classes
Sensor c
has sub-classes
Network Flow Sensor c, Network Protocol Analyzer c

Network Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkService

Is defined by
http://dbpedia.org/resource/Network_service
has super-classes
Service Application Process c
has sub-classes
Authorization Service c, Directory Service c, File Share Service c, Mail Service c, Remote Authentication Service c

Network Service Scanning c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1046

has super-classes
Discovery Technique c

Network Session c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkSession

has super-classes
Network Traffic c
has sub-classes
Remote Command c, Remote Terminal Session c
is also defined as
named individual

Network Share Connection Removal c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.005

has super-classes
Indicator Removal on Host c
is also defined as
named individual

Network Share Connection Removal c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1126

has super-classes
Defense Evasion Technique c

Network Share Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1135

has super-classes
Discovery Technique c

Network Sniffing c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1040

has super-classes
Credential Access Technique c, Discovery Technique c
is also defined as
named individual

Network Topology c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1590.004

has super-classes
Gather Victim Network Information c

Network Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic

has super-classes
Digital Artifact c
has sub-classes
Administrative Network Traffic c, DNS Network Traffic c, File Transfer Network Traffic c, IPC Network Traffic c, Inbound Network Traffic c, Internet Network Traffic c, Intranet Network Traffic c, Mail Network Traffic c, Network Packet c, Network Session c, Outbound Network Traffic c, RPC Network Traffic c, Web Network Traffic c
is also defined as
named individual

Network Traffic Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficAnalysis

has super-classes
Defensive Technique c
has sub-classes
Administrative Network Activity Analysis c, Byte Sequence Emulation c, Certificate Analysis c, Client-server Payload Profiling c, Connection Attempt Analysis c, DNS Traffic Analysis c, File Carving c, IPC Traffic Analysis c, Inbound Session Volume Analysis c, Network Traffic Community Deviation c, Per Host Download-Upload Ratio Analysis c, Protocol Metadata Anomaly Detection c, RPC Traffic Analysis c, Relay Pattern Analysis c, Remote Terminal Session Detection c
has members
Administrative Network Activity Analysis ni, Byte Sequence Emulation ni, Certificate Analysis ni, Client-server Payload Profiling ni, Connection Attempt Analysis ni, DNS Traffic Analysis ni, File Carving ni, IPC Traffic Analysis ni, Inbound Session Volume Analysis ni, Network Traffic Community Deviation ni, Per Host Download-Upload Ratio Analysis ni, Protocol Metadata Anomaly Detection ni, RPC Traffic Analysis ni, Relay Pattern Analysis ni, Remote Terminal Session Detection ni
is also defined as
named individual

Network Traffic Analysis Software c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficAnalysisSoftware

has super-classes
Developer Application c
is also defined as
named individual

Network Traffic Community Deviation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficCommunityDeviation

has super-classes
Network Traffic Analysis c
is also defined as
named individual

Network Traffic Filtering c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficFiltering

has super-classes
Network Isolation c
has sub-classes
Inbound Traffic Filtering c, Outbound Traffic Filtering c
has members
Inbound Traffic Filtering ni, Outbound Traffic Filtering ni
is also defined as
named individual

Network Traffic Policy Mapping c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficPolicyMapping

has super-classes
Network Mapping c
is also defined as
named individual

Network Trust Dependencies c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1590.003

has super-classes
Gather Victim Network Information c

Network Vulnerability Assessment c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkVulnerabilityAssessment

has super-classes
Network Mapping c
is also defined as
named individual

New Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1050

has super-classes
Persistence Technique c, Privilege Escalation Technique c

News Article c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NewsArticle

has super-classes
Article c
has sub-classes
Internet Article c

NIST Control c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NISTControl

has super-classes
External Control c
has members
AC-17(8) ni, AC-2(1) ni, AC-2(13) ni, AC-2(2) ni, AC-2(3) ni, AC-2(4) ni, AC-2(5) ni, AC-2(6) ni, AC-2(7) ni, AC-2(9) ni, AC-23 ni, AC-24 ni, AC-24(1) ni, AC-24(2) ni, AC-3 ni, AC-3(11) ni, AC-3(13) ni, AC-3(3) ni, AC-3(7) ni, AC-3(8) ni, AC-4 ni, AC-4(1) ni, AC-4(10) ni, AC-4(11) ni, AC-4(12) ni, AC-4(13) ni, AC-4(14) ni, AC-4(15) ni, AC-4(17) ni, AC-4(19) ni, AC-4(20) ni, AC-4(21) ni, AC-4(26) ni, AC-4(27) ni, AC-4(28) ni, AC-4(29) ni, AC-4(3) ni, AC-4(30) ni, AC-4(32) ni, AC-4(4) ni, AC-4(5) ni, AC-4(6) ni, AC-4(8) ni, AC-5 ni, AC-6 ni, AC-6(1) ni, AC-6(10) ni, AC-6(3) ni, AC-6(4) ni, AC-6(5) ni, AC-6(6) ni, AC-6(9) ni, AC-7 ni, AC-7(3) ni, AC-7(4) ni, AU-10(5) ni, AU-14(2) ni, AU-15 ni, AU-2 ni, AU-2(1) ni, AU-2(2) ni, AU-3 ni, AU-4 ni, CM-14 ni, CM-5 ni, CM-5(1) ni, CM-5(3) ni, CM-5(5) ni, CM-5(6) ni, CM-6(3) ni, IA-2(1) ni, IA-2(2) ni, IA-2(4) ni, IA-2(6) ni, IR-4(12) ni, IR-4(13) ni, MA-3(3) ni, MA-3(4) ni, MA-3(5) ni, MA-3(6) ni, MA-4(1) ni, MA-6 ni, MA-6(1) ni, MA-6(2) ni, MA-6(3) ni, RA-3(3) ni, RA-3(4) ni, RA-5 ni, RA-5(2) ni, RA-5(3) ni, RA-5(4) ni, RA-5(5) ni, RA-5(6) ni, RA-5(7) ni, SA-10(1) ni, SA-10(3) ni, SA-10(4) ni, SA-10(5) ni, SA-10(6) ni, SA-11(1) ni, SA-11(8) ni, SA-8(18) ni, SA-8(22) ni, SC-2 ni, SC-2(1) ni, SC-3 ni, SC-3(1) ni, SI-2(4) ni, SI-2(5) ni, SI-2(6) ni, SI-3 ni, SI-3(10) ni, SI-3(4) ni, SI-3(8) ni, SI-4 ni, SI-4(2) ni, SI-4(4) ni

NIST SP 800-53 Control Catalog c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NISTSP800-53ControlCatalog

has super-classes
Control Catalog c
has members
NIST SP 800-53 R3 ni, NIST SP 800-53 R4 ni, NIST SP 800-53 R5 ni

Non-Application Layer Protocol c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1095

has super-classes
Command and Control Technique c
is also defined as
named individual

Non-Standard Encoding c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1132.002

has super-classes
Data Encoding c

Non-Standard Port c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1571

has super-classes
Command and Control Technique c
is also defined as
named individual

NTDS c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.003

has super-classes
OS Credential Dumping c
is also defined as
named individual

NTFS File Attributes c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1096

has super-classes
Defense Evasion Technique c

NTFS File Attributes c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.004

has super-classes
Hide Artifacts c
is also defined as
named individual

NTFS Junction Point c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NTFSJunctionPoint

Is defined by
http://dbpedia.org/resource/NTFS_links
has super-classes
NTFS Link c, Symbolic Link c

NULL Pointer Dereference c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-476

has super-classes
Weakness c
is also defined as
named individual

Obfuscated Files or Information c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027

has super-classes
Defense Evasion Technique c
has sub-classes
Binary Padding c, Compile After Delivery c, HTML Smuggling c, Indicator Removal from Tools c, Software Packing c, Steganography c

Object File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ObjectFile

has super-classes
File c
has sub-classes
Kernel Module c, Shared Library File c
is also defined as
named individual

Obtain Capabilities c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1588

has super-classes
Resource Development Technique c
has sub-classes
Code Signing Certificates c, Digital Certificates c, Exploits c, Malware c, Tool c, Vulnerabilities c

Odbcconf Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.008

has super-classes
Signed Binary Proxy Execution c

Offensive Tactic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OffensiveTactic

Is defined by
https://attack.mitre.org/docs/ATTACK_Design_and_Philosophy_March_2020.pdf
has super-classes
ATTACK Thing c
has sub-classes
Collection c, Command And Control c, Credential Access c, Defense Evasion c, Discovery c, Execution c, Exfiltration c, Impact c, Initial Access c, Lateral Movement c, Persistence c, Privilege Escalation c, Resource Development c, reconnaissance c
has members
Collection ni, Command And Control ni, Credential Access ni, Defense Evasion ni, Discovery ni, Execution ni, Exfiltration ni, Impact ni, Initial Access ni, Lateral Movement ni, Persistence ni, Privilege Escalation ni

Offensive Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OffensiveTechnique

Is defined by
https://attack.mitre.org/docs/ATTACK_Design_and_Philosophy_March_2020.pdf
has super-classes
ATTACK Thing c, Technique c
has sub-classes
Collection Technique c, Command and Control Technique c, Credential Access Technique c, Defense Evasion Technique c, Discovery Technique c, Execution Technique c, Exfiltration Technique c, Impact Technique c, Initial Access Technique c, Lateral Movement Technique c, Persistence Technique c, Privilege Escalation Technique c, Reconnaissance Technique c, Resource Development Technique c
is in domain of
attack-id, attack-kb-annotation
is in range of
may-be-tactically-associated-with op

Office Application c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OfficeApplication

has super-classes
User Application c
is also defined as
named individual

Office Application File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OfficeApplicationFile

has super-classes
Document File c
is also defined as
named individual

Office Application Startup c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137

has super-classes
Persistence Technique c
has sub-classes
Add-ins c, Office Template Macros c, Office Test c, Outlook Forms c, Outlook Home Page c, Outlook Rules c

Office Template Macros c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.001

has super-classes
Office Application Startup c
is also defined as
named individual

Office Test c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.002

has super-classes
Office Application Startup c
is also defined as
named individual

One-time Password c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#One-timePassword

has super-classes
Credential Hardening c
is also defined as
named individual

One-Way Communication c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1102.003

has super-classes
Web Service c

Open File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OpenFile

has super-classes
System Call c
is also defined as
named individual

Open Source License c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OpenSourceLicense

has super-classes
License c

Open-source Developer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Open-sourceDeveloper

has super-classes
Product Developer c

Operating System c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystem

has super-classes
Digital Artifact c
is also defined as
named individual

Operating System Configuration c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemConfiguration

has super-classes
Configuration Resource c
has sub-classes
Operating System Configuration Component c
is also defined as
named individual

Operating System Configuration Component c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemConfigurationComponent

has super-classes
Operating System Configuration c
has sub-classes
System Configuration Database Record c, System Firewall Configuration c, System Init Configuration c
is also defined as
named individual

Operating System Configuration File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemConfigurationFile

has super-classes
Configuration File c, Operating System File c
is also defined as
named individual

Operating System Executable File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemExecutableFile

has super-classes
Operating System File c
is also defined as
named individual

Operating System File

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemFile

has super-classes
File c
has sub-classes
Operating System Configuration File c, Operating System Executable File c, Operating System Log File c, Operating System Shared Library File c
is also defined as
named individual

Operating System Log File

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemLogFile

has super-classes
Log File c, Operating System File c
is also defined as
named individual

Operating System Monitoring

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemMonitoring

has super-classes
Platform Monitoring c
has sub-classes
Endpoint Health Beacon c, Input Device Analysis c, Memory Boundary Tracking c, Scheduled Job Analysis c, System Daemon Monitoring c, System File Analysis c, System Init Config Analysis c, User Session Init Config Analysis c
has members
Endpoint Health Beacon ni, Input Device Analysis ni, Memory Boundary Tracking ni, Scheduled Job Analysis ni, System Daemon Monitoring ni, System File Analysis ni, System Init Config Analysis ni, User Session Init Config Analysis ni
is also defined as
named individual

Operating System Packaging Tool

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemPackagingTool

has super-classes
Software Packaging Tool c

Operating System Process

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemProcess

has super-classes
Process c
has sub-classes
System Init Process c, Task Scheduler Process c
is also defined as
named individual

Operating System Shared Library File

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemSharedLibraryFile

has super-classes
Operating System File c, Shared Library File c
is also defined as
named individual

Operational Activity Mapping

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperationalActivityMapping

has super-classes
Defensive Technique c
has sub-classes
Access Modeling c, Operational Dependency Mapping c, Operational Risk Assessment c, Organization Mapping c
has members
Access Modeling ni, Operational Dependency Mapping ni, Operational Risk Assessment ni, Organization Mapping ni
is also defined as
named individual

Operational Dependency Mapping

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperationalDependencyMapping

has super-classes
Operational Activity Mapping c
is also defined as
named individual

Operational Risk Assessment

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperationalRiskAssessment

has super-classes
Operational Activity Mapping c
is also defined as
named individual

Operations Center Computer

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperationsCenterComputer

Is defined by
http://dbpedia.org/resource/Mainframe_computer
has super-classes
Shared Computer c

Optical Modem

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OpticalModem

Is defined by
http://dbpedia.org/resource/Modem#Optical_modem
has super-classes
Modem c

Orchestration Controller

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrchestrationController

has super-classes
Orchestration Server c
is also defined as
named individual

Orchestration Server

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrchestrationServer

has super-classes
Server c
has sub-classes
Orchestration Controller c, Orchestration Worker c

Orchestration Worker

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrchestrationWorker

has super-classes
Orchestration Server c

Organization

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Organization

has super-classes
Agent c
has sub-classes
Provider c
has members
DISA FSO ni
is also defined as
named individual

Organization Mapping

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrganizationMapping

has super-classes
Operational Activity Mapping c
is also defined as
named individual

Organizational Activity

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrganizationalActivity

has super-classes
Activity c
is also defined as
named individual

OS Credential Dumping

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003

has super-classes
Credential Access Technique c
has sub-classes
/etc/passwd and /etc/shadow c, Cached Domain Credentials c, DCSync c, LSA Secrets c, LSASS Memory c, NTDS c, Proc Filesystem c, Security Account Manager c
is also defined as
named individual

OS Exhaustion Flood

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1499.001

has super-classes
Endpoint Denial of Service c

Out-of-bounds Read

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-125

has super-classes
Weakness c
is also defined as
named individual

Out-of-bounds Write

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-787

has super-classes
Weakness c
is also defined as
named individual

Outbound Internet DNS Lookup Traffic

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetDNSLookupTraffic

has super-classes
DNS Network Traffic c, Outbound Internet Network Traffic c, Outbound Network Traffic c
is also defined as
named individual

Outbound Internet Encrypted Remote Terminal Traffic

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetEncryptedRemoteTerminalTraffic

has super-classes
Outbound Internet Encrypted Traffic c
is also defined as
named individual

Outbound Internet Encrypted Traffic

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetEncryptedTraffic

has super-classes
Outbound Internet Network Traffic c
has sub-classes
Outbound Internet Encrypted Remote Terminal Traffic c, Outbound Internet Encrypted Web Traffic c
is also defined as
named individual

Outbound Internet Encrypted Web Traffic

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetEncryptedWebTraffic

has super-classes
Outbound Internet Encrypted Traffic c, Outbound Internet Web Traffic c
is also defined as
named individual

Outbound Internet File Transfer Traffic

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetFileTransferTraffic

has super-classes
File Transfer Network Traffic c, Outbound Internet Network Traffic c, Outbound Network Traffic c
is also defined as
named individual

Outbound Internet Mail Traffic

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetMailTraffic

has super-classes
Outbound Internet Network Traffic c
is also defined as
named individual

Outbound Internet Network Traffic

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetNetworkTraffic

has super-classes
Internet Network Traffic c, Outbound Network Traffic c
has sub-classes
Outbound Internet DNS Lookup Traffic c, Outbound Internet Encrypted Traffic c, Outbound Internet File Transfer Traffic c, Outbound Internet Mail Traffic c, Outbound Internet RPC Traffic c, Outbound Internet Web Traffic c
is also defined as
named individual

Outbound Internet RPC Traffic

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetRPCTraffic

has super-classes
Outbound Internet Network Traffic c, Outbound Network Traffic c, RPC Network Traffic c

Outbound Internet Web Traffic

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetWebTraffic

has super-classes
Outbound Internet Network Traffic c, Web Network Traffic c
has sub-classes
Outbound Internet Encrypted Web Traffic c
is also defined as
named individual

Outbound Network Traffic

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundNetworkTraffic

has super-classes
Network Traffic c
has sub-classes
Outbound Internet DNS Lookup Traffic c, Outbound Internet File Transfer Traffic c, Outbound Internet Network Traffic c, Outbound Internet RPC Traffic c
is also defined as
named individual

Outbound Traffic Filtering

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundTrafficFiltering

has super-classes
Network Traffic Filtering c
is also defined as
named individual

Outlook Forms

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.003

has super-classes
Office Application Startup c
is also defined as
named individual

Outlook Home Page

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.004

has super-classes
Office Application Startup c
is also defined as
named individual

Outlook Rules

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.005

has super-classes
Office Application Startup c
is also defined as
named individual

Output Device

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutputDevice

Is defined by
http://dbpedia.org/resource/Output_device
has super-classes
Hardware Device c
has sub-classes
Display Adapter c

Packet Log

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PacketLog

has super-classes
Log c
is also defined as
named individual

Page

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Page

Is defined by
https://dbpedia.org/page/Page_(computer_memory)
has super-classes
Memory Block c

Page Frame

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PageFrame

has super-classes
Memory Block c
is also defined as
named individual

Page Table

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PageTable

has super-classes
Digital Artifact c
is also defined as
named individual

Parent PID Spoofing

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.004

has super-classes
Access Token Manipulation c
is also defined as
named individual

Parent PID Spoofing

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1502

has super-classes
Defense Evasion Technique c, Privilege Escalation Technique c

Parent Process

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ParentProcess

Is defined by
http://dbpedia.org/resource/Parent_process
has super-classes
Process c

Partition

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Partition

has super-classes
Digital Artifact c
is also defined as
named individual

Partition Table

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PartitionTable

has super-classes
Digital Artifact c
is also defined as
named individual

Pass the Hash

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1075

has super-classes
Lateral Movement Technique c

Pass The Hash

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.002

has super-classes
Use Alternate Authentication Material c
is also defined as
named individual

Pass the Ticket

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1097

has super-classes
Lateral Movement Technique c

Pass The Ticket

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.003

has super-classes
Use Alternate Authentication Material c
is also defined as
named individual

Passive Certificate Analysis

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PassiveCertificateAnalysis

has super-classes
Certificate Analysis c
has members
Passive Certificate Analysis ni
is also defined as
named individual

Passive Logical Link Mapping

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PassiveLogicalLinkMapping

has super-classes
Logical Link Mapping c
is also defined as
named individual

Passive Physical Link Mapping

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PassivePhysicalLinkMapping

has super-classes
Physical Link Mapping c
is disjoint with
Active Physical Link Mapping c
is also defined as
named individual

Password

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Password

has super-classes
Credential c
has sub-classes
Encrypted Password c
is also defined as
named individual

Password Cracking

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.002

has super-classes
Brute Force c
is also defined as
named individual

Password Database

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PasswordDatabase

has super-classes
Database c
has sub-classes
Password File c, Password Store c, System Password Database c

Password File

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PasswordFile

has super-classes
File c, Password Database c
is also defined as
named individual

Password Filter DLL

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1174

has super-classes
Credential Access Technique c

Password Filter DLL

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.002

has super-classes
Modify Authentication Process c
is also defined as
named individual

Password Guessing

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.001

has super-classes
Brute Force c
is also defined as
named individual

Password Manager

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PasswordManager

Is defined by
http://dbpedia.org/resource/Password_manager
has super-classes
Application c

Password Managers

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.005

has super-classes
Credentials from Password Stores c

Password Policy Discovery

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1201

has super-classes
Discovery Technique c

Password Spraying

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.003

has super-classes
Brute Force c
is also defined as
named individual

Password Store

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PasswordStore

has super-classes
Password Database c
has sub-classes
In-memory Password Store c, MacOS Keychain c
is also defined as
named individual

Patch System Image

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1601.001

has super-classes
Modify System Image c

Patent

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Patent

has super-classes
Document c
is also defined as
named individual

Patent Reference

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PatentReference

has super-classes
Technique Reference c
has members
Reference - Account monitoring - Forescout Technologies ni, Reference - Active firewall system and methodology - McAfee LLC ni, Reference - Advanced device matching system ni, Reference - Anomaly Detection Using Adaptive Behavioral Profiles - Securonix Inc ni, Reference - Anti-tamper system with self-adjusting guards - ARXAN TECHNOLOGIES Inc ni, Reference - Apparatus for to provide content to and query a reverse domain name system server - Barrracuda Networks ni, Reference - Approaches for securing an internet endpoint using fine-grained operating system virtualization - Bromium, Inc. ni, Reference - Architecture of transparent network security for application containers - Neuvector Inc ni, Reference - Automated computer vulnerability resolution system ni, Reference - Automatically generating network resource groups and assigning customized decoy policies thereto - Illusive Networks Ltd ni, Reference - Automatically generating rules for connection security - Microsoft ni, Reference - Biometric Challenge-Response Authentication - Accenture ni, Reference - Broadcast isolation and level 3 network switch - Hewlett Packard Enterprise Development LP ni, Reference - Computational modeling and classification of data streams - Crowdstrike Inc ni, Reference - Computer Worm Defense System and Method - FireEye Inc ni, Reference - Computer motherboard having peripheral security functions ni, Reference - Computer-implemented methods and systems for identifying visually similar text character strings - Greathorn Inc ni, Reference - Computing apparatus with automatic integrity reference generation and maintenance - Tripwire, Inc. ni, Reference - Content extractor and analysis system - Bit 9 Inc, Carbon Black Inc ni, Reference - Data processing and scanning systems for generating and populating a data inventory ni, Reference - Database for receiving, storing and compiling information about email messages ni, Reference - Deception-Based Responses to Security Attacks - Crowdstrike Inc ni, Reference - Decoy Network-Based Service for Deceiving Attackers - Amazon Technologies ni, Reference - Decoy and deceptive data object technology - Cymmetria Inc ni, Reference - Decoy and deceptive data object technology - Cymmetria, Inc. ni, Reference - Detecting network reconnaissance by tracking intranet dark-net communications - VECTRA NETWORKS Inc ni, Reference - Detecting script-based malware - Crowdstrike Inc ni, Reference - Deterministic method for detecting and blocking of exploits on interpreted code - K2 Cyber Security Inc ni, Reference - Distributed meta-information query in a network - Bit 9 Inc ni, Reference - Domain age registration alert - Inc Rapid7 Inc RAPID7 Inc ni, Reference - Dynamic selection and generation of a virtual clone for detonation of suspicious content within a honey network - Palo Alto Networks Inc ni, Reference - Embedding contexts for on-line threats into response policy zones - Verisign Inc ni, Reference - End-to-end certificate pinning ni, Reference - File-modifying malware detection - Crowdstrike Inc ni, Reference - Finding phishing sites ni, Reference - Firewall for interent access - Secure Computing LLC ni, Reference - Firewall for processing a connectionless network packet - National Security Agency ni, Reference - Firewall for processing connection-oriented and connectionless datagrams over a connection-oriented network - National Security Agency ni, Reference - Firewalls that filter based upon protocol commands - Intel Corp ni, Reference - Firmware Embedded Monitoring Code Red Balloon ni, Reference - Firmware Verification Eclypsium ni, Reference - Firmware Verification Trapezoid ni, Reference - Framework for notifying a directory service of authentication events processed outside the directory service - Oracle International Corp ni, Reference - Guards for application in software tamperproofing - Purdue Research Foundation ni, Reference - Hardware-assisted system and method for detecting and analyzing system calls made to an operting system kernel - Endgame Inc ni, Reference - Heuristic botnet detection - Palo Alto Networks Inc ni, Reference - Host intrusion prevention system using software and user behavior analysis - Sophos Ltd ni, Reference - Identification and extraction of key forensics indicators of compromise using subject-specific filesystem views ni, Reference - Identification of traceroute nodes and associated devices ni, Reference - Identification of visual international domain name collisions - Verisign Inc ni, Reference - Identifying a denial-of-service attack in a cloud-based proxy service - Cloudfare Inc. ni, Reference - Inferential exploit attempt detection - Crowdstrike Inc ni, Reference - Instant process termination tool to recover control of an information handling system - Dell Products LP ni, Reference - Integrity assurance through early loading in the boot phase - Crowdstrike Inc ni, Reference - Intrusion detection using a heartbeat - Sophos Ltd ni, Reference - Isolation of applications within a virtual machine - Bromium, Inc. ni, Reference - Malicious relay detection on networks - VECTRA NETWORKS Inc ni, Reference - Malware analysis system - Palo Alto Networks Inc ni, Reference - Malware detection in event loops - Crowdstrike Inc ni, Reference - Malware detection using local computational models - Crowdstrike Inc ni, Reference - Method and Apparatus for Detecting Malicious Websites - Endgame Inc ni, Reference - Method and Apparatus for Network Fraud Detection and Remediation Through Analytics - Idaptive LLC ni, Reference - Method and apparatus for increasing the speed at which computer viruses are detected - McAfee LLC ni, Reference - Method and apparatus for utilizing a token for resource access - Rsa Security Inc. ni, Reference - Method and system for UDP flood attack detection - Riorey LLC ni, Reference - Method and system for controlling communication ports ni, Reference - Method and system for detecting algorithm-generated domains - VECTRA NETWORKS Inc ni, Reference - Method and system for detecting external control of compromised hosts - VECTRA NETWORKS Inc ni, Reference - Method and system for detecting malicious payloads - Vectra Networks Inc ni, Reference - Method and system for detecting restricted content associated with retrieved content - Sophos Ltd ni, Reference - Method and system for detecting suspicious administrative activity - Vectra Networks Inc ni, Reference - Method and system for detecting threats using metadata vectors - VECTRA NETWORKS Inc ni, Reference - Method and system for detecting threats using passive cluster mapping - Vectra Networks Inc ni, Reference - Method and system for providing software updates to local machines ni, Reference - Method for controlling computer network security - Checkpoint Software Technologies Ltd ni, Reference - Method for file encryption ni, Reference - Method using kernel mode assistance for the detection and removal of threats which are actively preventing detection and removal from a running system - Symantec Corporation ni, Reference - Mock attack cybersecurity training system and methods - WOMBAT SECURITY TECHNOLOGIES Inc ni, Reference - Modeling user access to computer resources - Daedalus Group LLC (formerly IBM) ni, Reference - Modification of a Server to Mimic a Deception Mechanism - Acalvio Technologies Inc ni, Reference - Network firewall with proxy - Secure Computing LLC ni, Reference - Open source intelligence deceptions - Illusive Networks Ltd ni, Reference - Post sandbox methods and systems for detecting and blocking zero-day exploits via api call validation - K2 Cyber Security Inc ni, Reference - Preventing execution of task scheduled malware - McAfee LLC ni, Reference - Privacy and security systems and methods of use ni, Reference - Private virtual local area network isolation - Cisco Technology Inc ni, Reference - Protected computing environment - Microsoft Technology Licensing LLC ni, Reference - Protecting against distributed denial of service attacks - Cisco Technology Inc. ni, Reference - Protecting against distributed network flood attacks - Juniper Networks Inc. ni, Reference - RPC call interception - Crowdstrike Inc ni, Reference - Reputation of an entity associated with a content item ni, Reference - Secure caching of server credentials - Dell Products LP ni, Reference - Security System with Methodology for Interprocess Communication Control - Check Point Software Tech Inc ni, Reference - Security vulnerability information aggregation ni, Reference - Sinkholing bad network domains by registering the bad network domains on the internet - Palo Alto Networks Inc ni, Reference - Software vulnerability graph database ni, Reference - Supply chain cyber-deception - Cymmetria, Inc. ni, Reference - Synchronizing a honey network configuration to reflect a target network environment - Palo Alto Networks Inc ni, Reference - System and Method for Detection of a Change in Behavior in the Use of a Website Through Vector Velocity Analysis - Silver Tail Systems ni, Reference - System and Method for Network Security Including Detection of Attacks Through Partner Websites - EMC IP Holding Co LLC ni, Reference - System and Method for Process Hollowing Detection - Carbon Black Inc ni, Reference - System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints - Fidelis Cybersecurity Solutions Inc ni, Reference - System and method for detecting homoglyph attacks with a siamese convolutional neural network - Endgame Inc ni, Reference - System and method for detecting malware injected into memory of a computing device - Endgame Inc ni, Reference - System and method for identifying the presence of malware using mini-traps set at network endpoints - Fidelis Cybersecurity Solutions Inc ni, Reference - System and method for internet security - Cylance Inc ni, Reference - System and method for managed security assessment and mitigation ni, Reference - System and method for providing an actively invalidated client-side network resource cache - IMVU ni, Reference - System and method for scanning remote services to locate stored objects with malware ni, Reference - System and method for validating in-memory integrity of executable files to identify malicious activity - Endgame Inc ni, Reference - System and method for vulnerability risk analysis ni, Reference - System and method thereof for identifying and responding to security incidents based on preemptive forensics - Palo Alto Networks Inc ni, Reference - System and methods thereof for causality identification and attributions determination of processes in a network - Palo Alto Networks IncCyber Secdo Ltd ni, Reference - System and methods thereof for detection of persistent threats in a computerized environment background - Palo Alto Networks IncCyber Secdo Ltd ni, Reference - System and methods thereof for identification of suspicious system processes - Palo Alto Networks Inc ni, Reference - System and methods thereof for logical identification of malicious threats across a plurality of end-point devices (epd) communicatively connected by a network - Palo Alto Networks IncCyber Secdo Ltd ni, Reference - System and methods thereof for preventing ransomware from encrypting data elements stored in a memory of a computer-based system - Palo Alto Networks Inc ni, Reference - System for detecting threats using scenario-based tracking of internal and external network traffic - VECTRA NETWORKS Inc ni, Reference - System for implementing threat detection using daily network traffic community outliers - VECTRA NETWORKS Inc ni, Reference - System for implementing threat detection using threat and risk assessment of asset-actor interactions - VECTRA NETWORKS Inc ni, Reference - System, method, and computer program product for detecting and assessing security risks in a network - Exabeam Inc ni, Reference - Systems and methods for detecting and/or handling targeted attacks in the email channel - Graphus Inc ni, Reference - Systems and methods for detecting credential theft - Symantec Corp ni, Reference - Tamper proof mutating software - ARXAN TECHNOLOGIES Inc ni, Reference - Techniques for impeding and detecting network threats - Verisign Inc ni, Reference - Threat detection for return oriented programming - Crowdstrike Inc ni, Reference - Threat detection through the accumulated detection of threat characteristics - Sophos Ltd ni, Reference - Tokenless biometric transaction authorization method and system ni, Reference - Trusted Communications With Child Processes - Microsoft Technology Licensing LLC ni, Reference - USB filter for hub malicious code prevention system ni, Reference - Use of an application controller to monitor and control software file and application environments - Sophos Ltd ni, Reference - Using spanning tree protocol (STP) to enhance layer-2 topology maps ni, Reference - Virtualized process isolation - Advanced Micro Devices Inc ni

Path Interception by PATH Environment Variable

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.007

has super-classes
Hijack Execution Flow c
is also defined as
named individual

Path Interception by Search Order Hijacking

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.008

has super-classes
Hijack Execution Flow c
is also defined as
named individual

Path Interception by Unquoted Path

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.009

has super-classes
Hijack Execution Flow c
is also defined as
named individual

Per Host Download-Upload Ratio Analysis

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PerHostDownload-UploadRatioAnalysis

has super-classes
Network Traffic Analysis c
is also defined as
named individual

Peripheral Device Discovery

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1120

has super-classes
Discovery Technique c

Peripheral Firmware

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PeripheralFirmware

has super-classes
Firmware c
has sub-classes
Graphics Card Firmware c, Hard Disk Firmware c, Human Input Device Firmware c, Network Card Firmware c, Peripheral Hub Firmware c
is also defined as
named individual

Peripheral Firmware Verification

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PeripheralFirmwareVerification

has super-classes
Firmware Verification c
is also defined as
named individual

Peripheral Hub Firmware

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PeripheralHubFirmware

has super-classes
Peripheral Firmware c

Permission Groups Discovery

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1069

has super-classes
Discovery Technique c
has sub-classes
Cloud Groups c, Domain Groups c, Local Groups c

Persistence

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Persistence

has super-classes
Offensive Tactic c
is also defined as
named individual

Persistence Technique

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PersistenceTechnique

has super-classes
Offensive Technique c
has sub-classes
Accessibility Features c, Account Manipulation c, AppCert DLLs c, AppInit DLLs c, Application Shimming c, Authentication Package c, BITS Jobs c, Boot or Logon Autostart Execution c, Boot or Logon Initialization Scripts c, Bootkit c, Browser Extensions c, Change Default File Association c, Component Firmware c, Component Object Model Hijacking c, Compromise Client Software Binary c, Create Account c, Create or Modify System Process c, DLL Search Order Hijacking c, Dylib Hijacking c, Emond c, Event Triggered Execution c, External Remote Services c, File System Permissions Weakness c, Hidden Files and Directories c, Hijack Execution Flow c, Hooking c, Image File Execution Options Injection c, Implant Container Image c, Kernel Modules and Extensions c, LC_LOAD_DYLIB Addition c, LSASS Driver c, Launch Agent c, Launch Daemon c, Launchctl c, Local Job Scheduling c, Login Item c, Malicious Shell Modification c, Modify Existing Service c, Netsh Helper DLL c, New Service c, Office Application Startup c, Plist Modification c, Port Monitors c, PowerShell Profile c, Pre-OS Boot c, Rc.common c, Re-opened Applications c, Registry Run Keys / Startup Folder c, SIP and Trust Provider Hijacking c, Scheduled Task/Job Execution c, Screensaver c, Security Support Provider c, Server Software Component c, Service Registry Permissions Weakness c, Setuid and Setgid c, Shortcut Modification c, Startup Items c, System Firmware c, Systemd Service c, Time Providers c, Traffic Signaling c, Trap c, Valid Accounts c, Web Shell c, Windows Management Instrumentation Event Subscription c, Winlogon Helper DLL c
is also defined as
named individual

Person c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Person

has super-classes
Agent c
is also defined as
named individual

Personal Computer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PersonalComputer

Is defined by
http://dbpedia.org/resource/Personal_computer
has super-classes
Client Computer c
has sub-classes
Desktop Computer c, IP Phone c, Laptop Computer c, Mobile Phone c, Tablet Computer c

Phishing c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1566

has super-classes
Initial Access Technique c
has sub-classes
Spearphishing Attachment c, Spearphishing Link c, Spearphishing Via Service c

Phishing for Information c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1598

has super-classes
Reconnaissance Technique c
has sub-classes
Spearphishing Attachment c, Spearphishing Link c, Spearphishing Service c

Physical Address c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PhysicalAddress

has super-classes
Memory Address c
is also defined as
named individual

Physical Artifact c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PhysicalArtifact

has super-classes
Artifact c, Physical Object c
has sub-classes
Hardware Device c

Physical Link Mapping c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PhysicalLinkMapping

has super-classes
Network Mapping c
has sub-classes
Active Physical Link Mapping c, Passive Physical Link Mapping c
has members
Active Physical Link Mapping ni, Passive Physical Link Mapping ni
is also defined as
named individual

Physical Location c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PhysicalLocation

has super-classes
Digital Artifact c
is also defined as
named individual

Physical Object c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PhysicalObject

has super-classes
D3FEND Thing c
has sub-classes
Physical Artifact c

Pipe c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Pipe

has super-classes
Interprocess Communication c
is also defined as
named individual

Platform c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Platform

has super-classes
Digital Artifact c
is also defined as
named individual

Platform Hardening c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PlatformHardening

has super-classes
Defensive Technique c
has sub-classes
Bootloader Authentication c, Disk Encryption c, Driver Load Integrity Checking c, File Encryption c, Local File Permissions c, RF Shielding c, Software Update c, System Configuration Permissions c, TPM Boot Integrity c
has members
Bootloader Authentication ni, Disk Encryption ni, Driver Load Integrity Checking ni, Executable Allowlisting ni, File Encryption ni, Local File Permissions ni, RF Shielding ni, Software Update ni, System Configuration Permissions ni, TPM Boot Integrity ni
is also defined as
named individual

Platform Monitoring c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PlatformMonitoring

has super-classes
Defensive Technique c
has sub-classes
Firmware Behavior Analysis c, Firmware Embedded Monitoring Code c, Firmware Verification c, Operating System Monitoring c
has members
Firmware Behavior Analysis ni, Firmware Embedded Monitoring Code ni, Firmware Verification ni, Operating System Monitoring ni
is also defined as
named individual

Plist File Modification c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1647

has super-classes
Defense Evasion Technique c

Plist Modification c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1150

has super-classes
Defense Evasion Technique c, Persistence Technique c, Privilege Escalation Technique c

Plist Modification c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.011

has super-classes
Boot or Logon Autostart Execution c
is also defined as
named individual

Pluggable Authentication Modules c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.003

has super-classes
Modify Authentication Process c
is also defined as
named individual

Pointer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Pointer

has super-classes
Digital Artifact c
has sub-classes
Saved Instruction Pointer c
is also defined as
named individual

Pointer Authentication c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PointerAuthentication

has super-classes
Application Hardening c
is also defined as
named individual

Pointer Dereferencing Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PointerDereferencingFunction

has super-classes
Subroutine c
is also defined as
named individual

Policy c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Policy

has super-classes
Document c
has sub-classes
Guidance c

Policy Reference c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PolicyReference

has super-classes
Technique Reference c
has sub-classes
Guideline Reference c

Port Knocking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1205.001

has super-classes
Traffic Signaling c
is also defined as
named individual

Port Monitors c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1013

has super-classes
Persistence Technique c, Privilege Escalation Technique c

Port Monitors c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.010

has super-classes
Boot or Logon Autostart Execution c
is also defined as
named individual

Portable Executable Injection c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.002

has super-classes
Process Injection c
is also defined as
named individual

Portfolio Assessment c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PortfolioAssessment

has super-classes
Assessment c

PowerShell c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1086

has super-classes
Execution Technique c

PowerShell Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.001

has super-classes
Command and Scripting Interpreter Execution c

PowerShell Profile c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1504

has super-classes
Persistence Technique c, Privilege Escalation Technique c

PowerShell Profile c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.013

has super-classes
Event Triggered Execution c
is also defined as
named individual

PowerShell Profile Script c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PowerShellProfileScript

has super-classes
User Init Script c
is also defined as
named individual

Pre-OS Boot c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542

has super-classes
Defense Evasion Technique c, Persistence Technique c
has sub-classes
Bootkit c, Component Firmware c, ROMMONkit c, System Firmware c, TFTP Boot c

Primary Storage c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrimaryStorage

has super-classes
Hardware Device c, Storage c
has sub-classes
Processor Cache Memory c, Processor Register c, RAM c, ROM c
is also defined as
named individual

Print Processors c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.012

has super-classes
Boot or Logon Autostart Execution c

Print Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrintServer

Is defined by
http://dbpedia.org/resource/Print_server
has super-classes
Server c

Private Key c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrivateKey

has super-classes
Asymmetric Key c
is also defined as
named individual

Private Keys c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1145

has super-classes
Credential Access Technique c

Private Keys c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.004

has super-classes
Unsecured Credentials c
is also defined as
named individual

Privilege Escalation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrivilegeEscalation

has super-classes
Offensive Tactic c
is also defined as
named individual

Privilege Escalation Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrivilegeEscalationTechnique

has super-classes
Offensive Technique c
has sub-classes
Abuse Elevation Control Mechanism c, Access Token Manipulation c, Accessibility Features c, AppCert DLLs c, AppInit DLLs c, Application Shimming c, Boot or Logon Autostart Execution c, Boot or Logon Initialization Scripts c, Bypass User Account Control c, Create Account c, Create or Modify System Process c, DLL Search Order Hijacking c, Dylib Hijacking c, Elevated Execution with Prompt c, Emond c, Escape to Host c, Event Triggered Execution c, Exploitation for Privilege Escalation c, Extra Window Memory Injection c, File System Permissions Weakness c, Group Policy Modification c, Hijack Execution Flow c, Hooking c, Image File Execution Options Injection c, Launch Daemon c, New Service c, Parent PID Spoofing c, Plist Modification c, Port Monitors c, PowerShell Profile c, Process Injection c, SID-History Injection c, Scheduled Task/Job Execution c, Service Registry Permissions Weakness c, Setuid and Setgid c, Startup Items c, Sudo c, Sudo Caching c, Valid Accounts c, Web Shell c
is also defined as
named individual

Privileged User Account c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrivilegedUserAccount

Is defined by
https://www.ssh.com/iam/user/privileged-account
has super-classes
User Account c

Proc Filesystem c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.007

has super-classes
OS Credential Dumping c
is also defined as
named individual

Proc Memory c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.009

has super-classes
Process Injection c
is also defined as
named individual

procedure c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Procedure

has super-classes
D3FEND Thing c
has sub-classes
Use Case Procedure c
has members
Procedure 1 - T1134.001 Access Token Manipulation ni

Process c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Process

has super-classes
Digital Artifact c
has sub-classes
Child Process c, Operating System Process c, Parent Process c, User Process c
is in domain of
process-security-context dp
has members
BSD Process ni, Linux Process ni, Windows Process ni, iOS Process ni, macOS Process ni
is also defined as
named individual

Process Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessAnalysis

has super-classes
Defensive Technique c
has sub-classes
Database Query String Analysis c, File Access Pattern Analysis c, Indirect Branch Call Analysis c, Process Code Segment Verification c, Process Self-Modification Detection c, Process Spawn Analysis c, Script Execution Analysis c, Shadow Stack Comparisons c, System Call Analysis c
has members
Database Query String Analysis ni, File Access Pattern Analysis ni, Indirect Branch Call Analysis ni, Process Code Segment Verification ni, Process Self-Modification Detection ni, Process Spawn Analysis ni, Script Execution Analysis ni, Shadow Stack Comparisons ni, System Call Analysis ni
is also defined as
named individual

Process Argument Spoofing c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.010

has super-classes
Hide Artifacts c

Process Code Segment c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessCodeSegment

has super-classes
Process Segment c
has members
AMD64 Code Segment ni, ARM32 Code Segment ni, X86 Code Segment ni
is also defined as
named individual

Process Code Segment Verification c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessCodeSegmentVerification

has super-classes
Process Analysis c
is also defined as
named individual

Process Data Segment c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessDataSegment

has super-classes
Process Segment c

Process Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1057

has super-classes
Discovery Technique c
is also defined as
named individual

Process Doppelgänging c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.013

has super-classes
Process Injection c
is also defined as
named individual

Process Doppelgänging c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1186

has super-classes
Defense Evasion Technique c

Process Environment Variable c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessEnvironmentVariable

has super-classes
Application Configuration c
is also defined as
named individual

Process Eviction c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessEviction

has super-classes
Defensive Technique c
has sub-classes
Process Suspension c, Process Termination c
has members
Process Suspension ni, Process Termination ni
is also defined as
named individual

Process Hollowing c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.012

has super-classes
Process Injection c
is also defined as
named individual

Process Hollowing c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1093

has super-classes
Defense Evasion Technique c

Process Image c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessImage

has super-classes
Digital Artifact c
is also defined as
named individual

Process Injection c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055

has super-classes
Defense Evasion Technique c, Privilege Escalation Technique c
has sub-classes
Asynchronous Procedure Call c, Dynamic-link Library Injection c, Extra Window Memory Injection c, ListPlanting c, Portable Executable Injection c, Proc Memory c, Process Doppelgänging c, Process Hollowing c, Ptrace System Calls c, Thread Execution Hijacking c, Thread Local Storage c, VDSO Hijacking c

Process Lineage Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessLineageAnalysis

has super-classes
Process Spawn Analysis c
is also defined as
named individual

Process Segment c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSegment

has super-classes
Binary Segment c
has sub-classes
Heap Segment c, Process Code Segment c, Process Data Segment c, Stack Segment c
is also defined as
named individual

Process Segment Execution Prevention c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSegmentExecutionPrevention

has super-classes
Application Hardening c
is also defined as
named individual

Process Self-Modification Detection c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSelf-ModificationDetection

has super-classes
Process Analysis c
is also defined as
named individual

Process Spawn Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSpawnAnalysis

has super-classes
Process Analysis c
has sub-classes
Process Lineage Analysis c
has members
Process Lineage Analysis ni
is also defined as
named individual

Process Start Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessStartFunction

has super-classes
Subroutine c
is also defined as
named individual

Process Suspension c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSuspension

has super-classes
Process Eviction c
is also defined as
named individual

Process Termination c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessTermination

has super-classes
Process Eviction c
is also defined as
named individual

Process Tree c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessTree

has super-classes
Digital Artifact c
is also defined as
named individual

Processor c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Processor

has super-classes
Hardware Device c
has sub-classes
Central Processing Unit c, Graphics Processing Unit c

Processor Cache Memory c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CacheMemory

has super-classes
Primary Storage c
is also defined as
named individual

Processor Component c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessorComponent

has super-classes
Hardware Device c
has sub-classes
Memory Management Unit c, Memory Protection Unit c

Processor Register c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessorRegister

has super-classes
Primary Storage c
is also defined as
named individual

Product c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Product

has super-classes
Capability Implementation c
has sub-classes
Appliance c, Software Product c

Product Developer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProductDeveloper

has super-classes
Provider c
has sub-classes
Open-source Developer c

Property List File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PropertyListFile

has super-classes
Configuration File c
is also defined as
named individual

Proposition c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Proposition

Is defined by
http://semanticscience.org/resource/SIO_000256
has super-classes
D3FEND Catalog Thing c
has sub-classes
Statement c

Proprietary License c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProprietaryLicense

has super-classes
License c

Protocol Impersonation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1001.003

has super-classes
Data Obfuscation c

Protocol Metadata Anomaly Detection c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProtocolMetadataAnomalyDetection

has super-classes
Network Traffic Analysis c
is also defined as
named individual

Protocol Tunneling c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1572

has super-classes
Command and Control Technique c
is also defined as
named individual

Provider c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Provider

has super-classes
Organization c
has sub-classes
Product Developer c, Service Provider c, Vendor c

Proxy c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090

has super-classes
Command and Control Technique c
has sub-classes
Domain Fronting c, External Proxy c, Internal Proxy c, Multi-hop Proxy c

Proxy Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProxyServer

Is defined by
http://dbpedia.org/resource/Proxy_server
has super-classes
Network Node c, Server c
has sub-classes
Forward Proxy Server c, Reverse Proxy Server c

Ptrace System Calls c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.008

has super-classes
Process Injection c
is also defined as
named individual

Public Key c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PublicKey

has super-classes
Asymmetric Key c
is also defined as
named individual

PubPrn Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1216.001

has super-classes
Signed Script Proxy Execution c

Purchase Technical Data c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1597.002

has super-classes
Search Closed Sources c

Python Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.006

has super-classes
Command and Scripting Interpreter Execution c

Python Package c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PythonPackage

has super-classes
Software Package c

Python Script File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PythonScriptFile

has super-classes
Executable Script c

Query Registry c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1012

has super-classes
Discovery Technique c
is also defined as
named individual

Radio Modem c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RadioModem

Is defined by
http://dbpedia.org/resource/Modem#Radio
has super-classes
Modem c

RAM c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RAM

Is defined by
https://dbpedia.org/page/Random-access_memory
has super-classes
Primary Storage c

Raw Memory Access Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RawMemoryAccessFunction

has super-classes
Subroutine c
is also defined as
named individual

Rc.common c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.004

has super-classes
Boot or Logon Initialization Scripts c
is also defined as
named individual

Rc.common c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1163

has super-classes
Persistence Technique c

RDP Hijacking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1563.002

has super-classes
Remote Service Session Hijacking c
is also defined as
named individual

RDP Session c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RDPSession

has super-classes
Remote Session c
is also defined as
named individual

Re-opened Applications c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1164

has super-classes
Persistence Technique c

Re-opened Applications c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.007

has super-classes
Boot or Logon Autostart Execution c
is also defined as
named individual

Read File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReadFile

has super-classes
System Call c
is also defined as
named individual

reconnaissance c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reconnaissance

has super-classes
Offensive Tactic c
is also defined as
named individual

Reconnaissance Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReconnaissanceTechnique

has super-classes
Offensive Technique c
has sub-classes
Active Scanning c, Gather Victim Host Information c, Gather Victim Identity Information c, Gather Victim Network Information c, Gather Victim Org Information c, Phishing for Information c, Search Closed Sources c, Search Open Technical Databases c, Search Open Websites/Domains c, Search Victim-Owned Websites c
is also defined as
named individual

Record c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Record

has super-classes
Digital Artifact c
has sub-classes
Boot Record c, Configuration Database Record c, DNS Record c, System Utilization Record c
is also defined as
named individual

Reduce Key Space c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1600.001

has super-classes
Weaken Encryption c

Reference c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference

has super-classes
D3FEND Thing c
is in domain of
d3fend-kb-reference-annotation, kb-abstract, kb-author, kb-mitre-analysis, kb-reference-of op, kb-reference-title dp

Reference Type c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReferenceType

has super-classes
D3FEND Thing c
has members
Book ni, Internet Article ni, Marketing Material ni, Patent ni, Source Code ni, User Manual ni

Reflection Amplification c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1498.002

has super-classes
Network Denial of Service c
is also defined as
named individual

Reflective Code Loading c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1620

has super-classes
Defense Evasion Technique c
is also defined as
named individual

Registry Run Keys / Startup Folder c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1060

has super-classes
Persistence Technique c

Registry Run Keys / Startup Folder c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.001

has super-classes
Boot or Logon Autostart Execution c
is also defined as
named individual

Regsvcs/Regasm c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1121

has super-classes
Defense Evasion Technique c, Execution Technique c

Regsvcs/Regasm Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.009

has super-classes
Signed Binary Proxy Execution c

Regsvr32 c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1117

has super-classes
Defense Evasion Technique c, Execution Technique c

Regsvr32 Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.010

has super-classes
Signed Binary Proxy Execution c

Relay Pattern Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RelayPatternAnalysis

has super-classes
Network Traffic Analysis c
is also defined as
named individual

Remote Access Software c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1219

has super-classes
Command and Control Technique c
is also defined as
named individual

Remote Authentication Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteAuthenticationService

has super-classes
Authentication Service c, Network Service c

Remote Authorization Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteAuthorizationService

has super-classes
Authorization Service c

Remote Command c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteCommand

has super-classes
Command c, Network Session c
has sub-classes
Remote Database Query c, Remote Procedure Call c

Remote Data Staging c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1074.002

has super-classes
Data Staged c
is also defined as
named individual

Remote Database Query c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteDatabaseQuery

has super-classes
Database Query c, Remote Command c

Remote Desktop Protocol c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.001

has super-classes
Remote Services c
is also defined as
named individual

Remote Desktop Protocol c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1076

has super-classes
Lateral Movement Technique c

Remote Email Collection c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114.002

has super-classes
Email Collection c
is also defined as
named individual

Remote Procedure Call c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteProcedureCall

Is defined by
http://dbpedia.org/resource/Remote_procedure_call
has super-classes
Remote Command c

Remote Resource c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteResource

has super-classes
Resource c
has sub-classes
Network Resource c

Remote Service Session Hijacking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1563

has super-classes
Lateral Movement Technique c
has sub-classes
RDP Hijacking c, SSH Hijacking c
is also defined as
named individual

Remote Services c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021

has super-classes
Lateral Movement Technique c
has sub-classes
Distributed Component Object Model c, Remote Desktop Protocol c, SMB/Windows Admin Shares c, SSH c, VNC c, Windows Remote Management c
is also defined as
named individual

Remote Session c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteSession

has super-classes
Login Session c
has sub-classes
RDP Session c, SSH Session c
is also defined as
named individual

Remote System Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1018

has super-classes
Discovery Technique c
is also defined as
named individual

Remote Terminal Session c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteTerminalSession

has super-classes
Network Session c

Remote Terminal Session Detection c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteTerminalSessionDetection

has super-classes
Network Traffic Analysis c
is also defined as
named individual

Removable Media Device c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemovableMediaDevice

has super-classes
Hardware Device c
is also defined as
named individual

Rename System Utilities c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.003

has super-classes
Masquerading c
is also defined as
named individual

Replication Through Removable Media c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1091

has super-classes
Initial Access Technique c, Lateral Movement Technique c
is also defined as
named individual

Resource c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Resource

has super-classes
Digital Artifact c
has sub-classes
Configuration Resource c, File c, Local Resource c, Remote Resource c
is in domain of
addressed-by op
is in range of
addresses op
is also defined as
named individual

Resource Access c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ResourceAccess

has super-classes
Digital Event c, User Action c
has sub-classes
Local Resource Access c, Network Resource Access c
is also defined as
named individual

Resource Access Pattern Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ResourceAccessPatternAnalysis

has super-classes
User Behavior Analysis c
is also defined as
named individual

Resource Development c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ResourceDevelopment

has super-classes
Offensive Tactic c

Resource Development Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ResourceDevelopmentTechnique

has super-classes
Offensive Technique c
has sub-classes
Acquire Infrastructure c, Compromise Accounts c, Compromise Infrastructure c, Develop Capabilities c, Establish Accounts c, Obtain Capabilities c, Stage Capabilities c
is also defined as
named individual

Resource Fork c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ResourceFork

has super-classes
File Section c
is also defined as
named individual

Resource Forking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.009

has super-classes
Hide Artifacts c
is also defined as
named individual

Resource Hijacking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1496

has super-classes
Impact Technique c

Reverse Proxy Server

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReverseProxyServer

Is defined by
http://dbpedia.org/resource/Reverse_proxy
has super-classes
Proxy Server c

Reverse Resolution Domain Denylisting

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReverseResolutionDomainDenylisting

has super-classes
DNS Denylisting c
is also defined as
named individual

Reverse Resolution IP Denylisting

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReverseResolutionIPDenylisting

has super-classes
DNS Denylisting c
is also defined as
named individual

Reversible Encryption

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.005

has super-classes
Modify Authentication Process c

Revert Cloud Instance

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1536

has super-classes
Defense Evasion Technique c

Revert Cloud Instance

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1578.004

has super-classes
Modify Cloud Compute Infrastructure c

RF Node

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RFNode

has super-classes
Network Node c
has sub-classes
RF Receiver c, RF Transceiver c, RF Transmitter c

RF Receiver

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RFReceiver

has super-classes
RF Node c

RF Shielding

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RFShielding

has super-classes
Platform Hardening c
is also defined as
named individual

RF Transceiver

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RFTransceiver

has super-classes
RF Node c
has sub-classes
Wireless Access Point c

RF Transmitter

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RFTransmitter

has super-classes
RF Node c

Right-to-Left Override

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.002

has super-classes
Masquerading c
is also defined as
named individual

Rogue Domain Controller

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1207

has super-classes
Defense Evasion Technique c
is also defined as
named individual

ROM

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ROM

Is defined by
https://dbpedia.org/page/Read-only_memory
has super-classes
Primary Storage c

ROMMONkit

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542.004

has super-classes
Pre-OS Boot c

Rootkit

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1014

has super-classes
Defense Evasion Technique c
is also defined as
named individual

Router

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Router

Is defined by
http://dbpedia.org/resource/Router_(computing)
has super-classes
Network Node c
has sub-classes
Wireless Router c

RPC Network Traffic

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RPCNetworkTraffic

has super-classes
Network Traffic c
has sub-classes
Intranet RPC Network Traffic c, Outbound Internet RPC Traffic c
is also defined as
named individual

RPC Traffic Analysis

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RPCTrafficAnalysis

has super-classes
Network Traffic Analysis c
is also defined as
named individual

Run Virtual Instance

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.006

has super-classes
Hide Artifacts c
is also defined as
named individual

Rundll32

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1085

has super-classes
Defense Evasion Technique c, Execution Technique c

Rundll32 Execution

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.011

has super-classes
Signed Binary Proxy Execution c
is also defined as
named individual

Runtime Data Manipulation

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1494

has super-classes
Impact Technique c

Runtime Data Manipulation

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1565.003

has super-classes
Data Manipulation c
is also defined as
named individual

Safe Mode Boot

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.009

has super-classes
Impair Defenses c
is also defined as
named individual

SAML Tokens

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1606.002

has super-classes
Forge Web Credentials c

Saved Instruction Pointer

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SavedInstructionPointer

has super-classes
Pointer c, Stack Component c

Scan Databases

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1596.005

has super-classes
Search Open Technical Databases c

Scanning IP Blocks

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1595.001

has super-classes
Active Scanning c

Scheduled Job Analysis

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ScheduledJobAnalysis

has super-classes
Operating System Monitoring c
is also defined as
named individual

Scheduled Task/Job Execution

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053

has super-classes
Execution Technique c, Persistence Technique c, Privilege Escalation Technique c
has sub-classes
At (Linux) Execution c, At (Windows) Execution c, Container Orchestration Job c, Cron Execution c, Launchd c, Schtasks Execution c, Systemd Timers c
is also defined as
named individual

Scheduled Transfer

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1029

has super-classes
Exfiltration Technique c
is also defined as
named individual

Schtasks Execution

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053.005

has super-classes
Scheduled Task/Job Execution c

Screen Capture

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1113

has super-classes
Collection Technique c
is also defined as
named individual

Screensaver

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1180

has super-classes
Persistence Technique c

Screensaver

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.002

has super-classes
Event Triggered Execution c
is also defined as
named individual

Script Application Process

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ScriptApplicationProcess

has super-classes
Application Process c
is also defined as
named individual

Script Execution Analysis

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ScriptExecutionAnalysis

has super-classes
Process Analysis c
is also defined as
named individual

Search Closed Sources

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1597

has super-classes
Reconnaissance Technique c
has sub-classes
Purchase Technical Data c, Threat Intel Vendors c

Search Engines

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1593.002

has super-classes
Search Open Websites/Domains c

Search Open Technical Databases

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1596

has super-classes
Reconnaissance Technique c
has sub-classes
CDNs c, DNS/Passive DNS c, Digital Certificates c, Scan Databases c, WHOIS c

Search Open Websites/Domains

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1593

has super-classes
Reconnaissance Technique c
has sub-classes
Search Engines c, Social Media c

Search Victim-Owned Websites

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1594

has super-classes
Reconnaissance Technique c

Second-stage Boot Loader

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Second-stageBootLoader

has super-classes
Boot Loader c

Secondary Storage

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SecondaryStorage

Is defined by
https://whatis.techtarget.com/definition/memory
has super-classes
Hardware Device c, Storage c
has sub-classes
Cloud Storage c, Flash Memory c, Tertiary Storage c

Security Account Manager

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.002

has super-classes
OS Credential Dumping c
is also defined as
named individual

Security Software Discovery

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1063

has super-classes
Discovery Technique c

Security Software Discovery

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1518.001

has super-classes
Software Discovery c
is also defined as
named individual

Security Support Provider

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1101

has super-classes
Persistence Technique c

Security Support Provider

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.005

has super-classes
Boot or Logon Autostart Execution c
is also defined as
named individual

Security Token

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SecurityToken

has super-classes
Hardware Device c
is also defined as
named individual

Securityd Memory

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1167

has super-classes
Credential Access Technique c

Securityd Memory

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.002

has super-classes
Credentials from Password Stores c
is also defined as
named individual

Segment Address Offset Randomization

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SegmentAddressOffsetRandomization

has super-classes
Application Hardening c
is also defined as
named individual

Sender MTA Reputation Analysis

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SenderMTAReputationAnalysis

has super-classes
Message Analysis c
is also defined as
named individual

Sender Reputation Analysis

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SenderReputationAnalysis

has super-classes
Message Analysis c
is also defined as
named individual

Sensor

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Sensor

has super-classes
D3FEND Thing c, Digital Artifact c
has sub-classes
Cloud Service Sensor c, Endpoint Sensor c, Network Sensor c

Serialization Function

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SerializationFunction

has super-classes
Subroutine c

Server

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Server

has super-classes
Host c, Network Resource c
has sub-classes
Authentication Server c, Computing Server c, DNS Server c, Database Server c, File Server c, Mail Server c, Media Server c, Orchestration Server c, Print Server c, Proxy Server c, VPN Server c, Web Server c
is also defined as
named individual

Server

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1583.004

has super-classes
Acquire Infrastructure c

Server

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1584.004

has super-classes
Compromise Infrastructure c

Server Software Component

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505

has super-classes
Persistence Technique c
has sub-classes
IIS Components c, SQL Stored Procedures c, Terminal Services DLL c, Transport Agent c, Web Shell c

Server-Side Request Forgery (SSRF)

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-918

has super-classes
Weakness c
is also defined as
named individual

Service

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Service

has super-classes
Capability Implementation c
has sub-classes
Software Service c

Service Application

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ServiceApplication

has super-classes
Application c
has sub-classes
Container Orchestration Software c, Container Runtime c, Credential Management System c, Software Deployment Tool c, Virtualization Software c, Web Server Application c
is also defined as
named individual

Service Application Process

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ServiceApplicationProcess

has super-classes
Application Process c
has sub-classes
Authentication Service c, Authorization Service c, Network Service c
is also defined as
named individual

Service Binary Verification

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ServiceBinaryVerification

has super-classes
System File Analysis c
is also defined as
named individual

Service Dependency

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ServiceDependency

has super-classes
Dependency c
is also defined as
named individual

Service Dependency Mapping

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ServiceDependencyMapping

has super-classes
System Mapping c
is also defined as
named individual

Service Execution

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1035

has super-classes
Execution Technique c

Service Execution

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1569.002

has super-classes
System Services c

Service Exhaustion Flood

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1499.002

has super-classes
Network Denial of Service c
is also defined as
named individual

Service Provider

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ServiceProvider

has super-classes
Provider c

Service Registry Permissions Weakness

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1058

has super-classes
Persistence Technique c, Privilege Escalation Technique c

Service Stop

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1489

has super-classes
Impact Technique c

Services File Permissions Weakness

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.010

has super-classes
Hijack Execution Flow c
is also defined as
named individual

Services Registry Permissions Weakness

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.011

has super-classes
Hijack Execution Flow c
is also defined as
named individual

Session

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Session

Is defined by
http://dbpedia.org/resource/Session_(computer_science)
has super-classes
Digital Artifact c
has sub-classes
Login Session c

Session Cookie

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SessionCookie

has super-classes
Credential c
is also defined as
named individual

Session Duration Analysis

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SessionDurationAnalysis

has super-classes
User Behavior Analysis c
is also defined as
named individual

Set System Config Value

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SetSystemConfigValue

has super-classes
System Config System Call c
has members
reg set key value a ni, reg set key value w ni, reg set value a ni, reg set value ex a ni, reg set value ex w ni, reg set value w ni
is also defined as
named individual

Setuid and Setgid

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1166

has super-classes
Persistence Technique c, Privilege Escalation Technique c

Setuid and Setgid

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.001

has super-classes
Abuse Elevation Control Mechanism c
is also defined as
named individual

Shadow Stack

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ShadowStack

has super-classes
Digital Artifact c
is also defined as
named individual

Shadow Stack Comparisons

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ShadowStackComparisons

has super-classes
Process Analysis c
is also defined as
named individual

Shared Computer

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SharedComputer

has super-classes
Client Computer c
has sub-classes
Kiosk Computer c, Network Printer c, Operations Center Computer c, Thin Client Computer c

Shared Library File

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SharedLibraryFile

has super-classes
Object File c
has sub-classes
Operating System Shared Library File c
is also defined as
named individual

Shared Modules Execution

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1129

has super-classes
Execution Technique c

Shared Resource Access Function

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SharedResourceAccessFunction

has super-classes
Subroutine c
is also defined as
named individual

Sharepoint

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1213.002

has super-classes
Data from Information Repositories c
is also defined as
named individual

Shim

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Shim

has super-classes
Software c
has sub-classes
Application Shim c
is also defined as
named individual

Shim Database

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ShimDatabase

has super-classes
Application Configuration Database c
is also defined as
named individual

Shortcut File

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ShortcutFile

has super-classes
File c
has sub-classes
Windows Shortcut File c

Shortcut Modification

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1023

has super-classes
Persistence Technique c

Shortcut Modification

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.009

has super-classes
Boot or Logon Autostart Execution c
is also defined as
named individual

SID-History Injection

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.005

has super-classes
Access Token Manipulation c
is also defined as
named individual

SID-History Injection

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1178

has super-classes
Privilege Escalation Technique c

Signed Binary Proxy Execution

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218

has super-classes
Defense Evasion Technique c, Execution Technique c
has sub-classes
CMSTP c, Compiled HTML File c, Control Panel Execution c, InstallUtil Execution c, MMC c, Mavinject c, Mshta Execution c, Msiexec Execution c, Odbcconf Execution c, Regsvcs/Regasm Execution c, Regsvr32 Execution c, Rundll32 Execution c, Verclsid c

Signed Script Proxy Execution

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1216

has super-classes
Defense Evasion Technique c, Execution Technique c
has sub-classes
PubPrn Execution c

Silver Ticket

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558.002

has super-classes
Steal or Forge Kerberos Tickets c

SIP and Trust Provider Hijacking

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1198

has super-classes
Defense Evasion Technique c, Persistence Technique c

SIP and Trust Provider Hijacking

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.003

has super-classes
Subvert Trust Controls c
is also defined as
named individual

SMB/Windows Admin Shares

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.002

has super-classes
Remote Services c

SNMP (MIB Dump)

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1602.001

has super-classes
Data from Configuration Repository c

Social Media

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1593.001

has super-classes
Search Open Websites/Domains c

Social Media Accounts

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1585.001

has super-classes
Establish Accounts c

Social Media Accounts

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1586.001

has super-classes
Compromise Accounts c

Software

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Software

has super-classes
Digital Artifact c
has sub-classes
Application c, Firmware c, Network Agent c, Shim c, Software Library c, Software Patch c, Subroutine c, System Service Software c, System Software c, Utility Software c
is also defined as
named individual

Software

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1592.002

has super-classes
Gather Victim Host Information c

Software Artifact Server

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareArtifactServer

has super-classes
Artifact Server c

Software Deployment Tool

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareDeploymentTool

has super-classes
Service Application c
is also defined as
named individual

Software Deployment Tools Execution

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1072

has super-classes
Execution Technique c, Lateral Movement Technique c
is also defined as
named individual

Software Discovery

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1518

has super-classes
Discovery Technique c
has sub-classes
Security Software Discovery c

Software Inventory

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareInventory

has super-classes
Asset Inventory c
is also defined as
named individual

Software Library

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareLibrary

has super-classes
Software c
is also defined as
named individual

Software Library File

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareLibraryFile

has super-classes
File c
is also defined as
named individual

Software Package

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwarePackage

has super-classes
Digital Artifact c
has sub-classes
Java Archive c, Python Package c

Software Packaging Tool

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwarePackagingTool

has super-classes
Build Tool c
has sub-classes
Container Build Tool c, Operating System Packaging Tool c

Software Packing

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.002

has super-classes
Obfuscated Files or Information c
is also defined as
named individual

Software Packing

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1045

has super-classes
Defense Evasion Technique c

Software Patch

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwarePatch

Is defined by
http://dbpedia.org/resource/Patch_(computing)
has super-classes
Software c

Software Product

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareProduct

has super-classes
Product c

Software Service

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareService

has super-classes
Service c

Software Update

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareUpdate

has super-classes
Platform Hardening c
is also defined as
named individual

Source Code

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SourceCode

has super-classes
Information Content Entity c
is also defined as
named individual

Source Code Analyzer Tool

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SourceCodeAnalyzerTool

has super-classes
Static Analysis Tool c

Source Code Reference

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SourceCodeReference

has super-classes
Technique Reference c
has members
Reference - Munin ni, Reference - OS Query Windows User Collection Code ni

Space after Filename

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.006

has super-classes
Masquerading c
is also defined as
named individual

Space after Filename

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1151

has super-classes
Defense Evasion Technique c, Execution Technique c

Spearphishing Attachment

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1193

has super-classes
Initial Access Technique c

Spearphishing Attachment

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1566.001

has super-classes
Phishing c
is also defined as
named individual

Spearphishing Attachment

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1598.002

has super-classes
Phishing for Information c

Spearphishing Link

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1192

has super-classes
Initial Access Technique c

Spearphishing Link

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1566.002

has super-classes
Phishing c
is also defined as
named individual

Spearphishing Link

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1598.003

has super-classes
Phishing for Information c

Spearphishing Service

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1598.001

has super-classes
Phishing for Information c

Spearphishing via Service

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1194

has super-classes
Initial Access Technique c

Spearphishing Via Service

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1566.003

has super-classes
Phishing c
is also defined as
named individual

Specification

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Specification

has super-classes
Document c

Specification Reference

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SpecificationReference

has super-classes
Technique Reference c
has members
Reference - An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks ni, Reference - DNS Whitelist (DNSWL) Email Authentication Method Extension ni, Reference - IEEE Standard for Local and Metropolitan Area Networks - Station and Media Access Control Connectivity Discovery ni, Reference - LUKS1 On-Disk Format SpecificationVersion 1.2.3 ni, Reference - Pointer Authentication on ARMv8.3 ni, Reference - PsSuspend - Microsoft ni, Reference - RFC 2289 - A One-Time Password System ni, Reference - RFC 6376: DomainKeys Identified Mail (DKIM) Signatures - IETF ni, Reference - RFC 7208: Sender Policy Framework (SPF) for Authorizing Use of Domains in Email - IETF ni, Reference - RFC 7489: Domain-based Message Authentication, Reporting, and Conformance (DMARC) - IETF ni, Reference - RFC 7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements ni, Reference - Revoke a previously issued verifiable credential - Microsoft ni, Reference - Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 ni, Reference - Security Architecture for the Internet Protocol ni, Reference - TCG Trusted Attestation Protocol Use Cases for TPM Families 1.2 and 2.0 and DICE ni, Reference - TPM 2.0 Library Specification - Trusted Computing Group, Incorporated ni, Reference - Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities ni, Reference - Trusted Attestation Protocol Use Cases ni, Reference - UEFI Platform Initialization (PI) Specification ni, Reference - Unified Architecture Framework (UAF) ni, Reference - Web Authentication: An API for accessing Public Key Credentials Level 2 ni, Reference - Web-Based Enterprise Management ni, Reference - Windows Management Infrastructure (MI) ni, Reference - Windows Management Instrumentation (WMI) ni

SQL Stored Procedures

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.001

has super-classes
Server Software Component c
is also defined as
named individual

SSH

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.004

has super-classes
Remote Services c
is also defined as
named individual

SSH Authorized Keys

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.004

has super-classes
Account Manipulation c

SSH Hijacking

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1184

has super-classes
Lateral Movement Technique c

SSH Hijacking

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1563.001

has super-classes
Remote Service Session Hijacking c
is also defined as
named individual

SSH Session

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SSHSession

has super-classes
Remote Session c
is also defined as
named individual

Stack Component

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StackComponent

has super-classes
Digital Artifact c
has sub-classes
Saved Instruction Pointer c, Stack Frame c, Stack Frame Canary c

Stack Frame

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StackFrame

has super-classes
Stack Component c
is also defined as
named individual

Stack Frame Canary

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StackFrameCanary

has super-classes
Stack Component c
is also defined as
named individual

Stack Frame Canary Validation

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StackFrameCanaryValidation

has super-classes
Application Hardening c
has members
GNU GCC StackGuard ni, Microsoft VCCLCompilerTool BufferSecurityCheck ni
is also defined as
named individual

Stack Segment

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StackSegment

has super-classes
Process Segment c
is also defined as
named individual

Stage Capabilities

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1608

has super-classes
Resource Development Technique c
has sub-classes
Drive-by Target c, Install Digital Certificate c, Link Target c, Upload Malware c, Upload Tool c

Standalone Honeynet

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StandaloneHoneynet

has super-classes
Decoy Environment c
is also defined as
named individual

Standard Cryptographic Protocol

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1032

has super-classes
Command and Control Technique c

Standard Encoding

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1132.001

has super-classes
Data Encoding c

Startup Directory

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StartupDirectory

has super-classes
Directory c, Local Resource c

Startup Items

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.005

has super-classes
Boot or Logon Initialization Scripts c
is also defined as
named individual

Startup Items c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1165

has super-classes
Persistence Technique c, Privilege Escalation Technique c

Statement c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Statement

Is defined by
http://semanticscience.org/resource/SIO_001183
has super-classes
Proposition c
has sub-classes
Capability Feature Claim c

Static Analysis Tool c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StaticAnalysisTool

Is defined by
http://dbpedia.org/resource/Static_program_analysis
has super-classes
Code Analyzer c
has sub-classes
Source Code Analyzer Tool c

Steal Application Access Token c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1528

has super-classes
Credential Access Technique c
is also defined as
named individual

Steal or Forge Kerberos Tickets c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558

has super-classes
Credential Access Technique c
has sub-classes
AS-REP Roasting c, Golden Ticket c, Kerberoasting c, Silver Ticket c
is also defined as
named individual

Steal Web Session Cookie c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1539

has super-classes
Credential Access Technique c
is also defined as
named individual

Steganography c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1001.002

has super-classes
Data Obfuscation c

Steganography c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.003

has super-classes
Obfuscated Files or Information c

step c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Step

has super-classes
D3FEND Thing c
has sub-classes
Use Case Step c
has members
Step 1 - Copy Token ni, Step 2 - Impersonate User ni

Storage c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Storage

has super-classes
Digital Artifact c
has sub-classes
Primary Storage c, Secondary Storage c
is also defined as
named individual

Stored Data Manipulation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1492

has super-classes
Impact Technique c

Stored Data Manipulation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1565.001

has super-classes
Data Manipulation c
is also defined as
named individual

Stored Procedure c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StoredProcedure

has super-classes
Subroutine c
is also defined as
named individual

String Format Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StringFormatFunction

has super-classes
Subroutine c

Strong Password Policy c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StrongPasswordPolicy

has super-classes
Credential Hardening c
is also defined as
named individual

Subroutine c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Subroutine

has super-classes
Software c
has sub-classes
Authentication Function c, Console Output Function c, Copy Memory Function c, Deserialization Function c, Eval Function c, Exception Handler c, External Content Inclusion Function c, File Path Open Function c, Import Library Function c, Input Function c, Log Message Function c, Mathematical Function c, Memory Allocation Function c, Memory Free Function c, Pointer Dereferencing Function c, Process Start Function c, Raw Memory Access Function c, Serialization Function c, Shared Resource Access Function c, Stored Procedure c, String Format Function c, Thread Start Function c
is also defined as
named individual

Subvert Trust Controls c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553

has super-classes
Defense Evasion Technique c
has sub-classes
Code Signing c, Code Signing Policy Modification c, Gatekeeper Bypass c, Install Root Certificate c, Mark-of-the-Web Bypass c, SIP and Trust Provider Hijacking c

Sudo c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1169

has super-classes
Privilege Escalation Technique c

Sudo and Sudo Caching c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.003

has super-classes
Abuse Elevation Control Mechanism c
is also defined as
named individual

Sudo Caching c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1206

has super-classes
Privilege Escalation Technique c

Supply Chain Compromise c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1195

has super-classes
Initial Access Technique c
has sub-classes
Compromise Hardware Supply Chain c, Compromise Software Dependencies and Development Tools c, Compromise Software Supply Chain c
is also defined as
named individual

Suspend Process c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SuspendProcess

has super-classes
System Call c
is also defined as
named individual

Switch c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Switch

Is defined by
http://dbpedia.org/resource/Network_switch
has super-classes
Network Node c

Symmetric Cryptography c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1573.001

has super-classes
Encrypted Channel c
is also defined as
named individual

Symmetric Key c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SymmetricKey

has super-classes
Cryptographic Key c

System c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#System

Is defined by
http://wordnet-rdf.princeton.edu/id/04384144-n
has super-classes
Artifact c
has sub-classes
Digital System c

System Call c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemCall

has super-classes
Digital Artifact c, Digital Event c
has sub-classes
Allocate Memory c, Authenticate User c, Connect Socket c, Copy Token c, Create File c, Create Process c, Create Socket c, Create Thread c, Free Memory c, Get Open Sockets c, Get Open Windows c, Get Running Processes c, Get Screen Capture c, Get System Time c, Impersonate User c, Logon User c, Move File c, Open File c, Read File c, Suspend Process c, System Config System Call c, Terminate Process c, Trace Process c, Write File c
is also defined as
named individual

System Call Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemCallAnalysis

has super-classes
Process Analysis c
has sub-classes
File Creation Analysis c
has members
File Creation Analysis ni
is also defined as
named individual

System Call Filtering c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemCallFiltering

has super-classes
Kernel-based Process Isolation c
is also defined as
named individual

System Checks c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1497.001

has super-classes
Virtualization/Sandbox Evasion c

System Config System Call c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemConfigSystemCall

has super-classes
System Call c
has sub-classes
Get System Config Value c, Set System Config Value c

System Configuration Database c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemConfigurationDatabase

has super-classes
Database c
has sub-classes
Windows Registry c
is also defined as
named individual

System Configuration Database Record c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemConfigurationDatabaseRecord

has super-classes
Configuration Database Record c, Operating System Configuration Component c
has sub-classes
System Configuration Init Database Record c, Windows Registry Key c
is also defined as
named individual

System Configuration Init Database Record c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemConfigurationInitDatabaseRecord

has super-classes
System Configuration Database Record c, System Configuration Init Resource c, System Init Configuration c
is also defined as
named individual

System Configuration Init Resource c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemConfigurationInitResource

has super-classes
Local Resource c
has sub-classes
System Configuration Init Database Record c, System Init Script c, System Startup Directory c

System Configuration Permissions c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemConfigurationPermissions

has super-classes
Platform Hardening c
is also defined as
named individual

System Daemon Monitoring c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemDaemonMonitoring

has super-classes
Operating System Monitoring c
is also defined as
named individual

System Dependency c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemDependency

has super-classes
Dependency c
is also defined as
named individual

System Dependency Mapping c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemDependencyMapping

has super-classes
System Mapping c
is also defined as
named individual

System File Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemFileAnalysis

has super-classes
Operating System Monitoring c
has sub-classes
Service Binary Verification c
has members
Service Binary Verification ni
is also defined as
named individual

System Firewall Configuration c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemFirewallConfiguration

has super-classes
Operating System Configuration Component c
is also defined as
named individual

System Firmware c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemFirmware

has super-classes
Firmware c
is also defined as
named individual

System Firmware c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1019

has super-classes
Persistence Technique c

System Firmware c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542.001

has super-classes
Pre-OS Boot c
is also defined as
named individual

System Firmware Verification c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemFirmwareVerification

has super-classes
Firmware Verification c
is also defined as
named individual

System Information Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1082

has super-classes
Discovery Technique c
is also defined as
named individual

System Init Config Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemInitConfigAnalysis

has super-classes
Operating System Monitoring c
is also defined as
named individual

System Init Configuration c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemInitConfiguration

has super-classes
Operating System Configuration Component c
has sub-classes
System Configuration Init Database Record c, System Init Script c, System Startup Directory c
is also defined as
named individual

System Init Process c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemInitProcess

has super-classes
Operating System Process c

System Init Script c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemInitScript

has super-classes
Executable Script c, System Configuration Init Resource c, System Init Configuration c
is also defined as
named individual

System Language Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1614.001

has super-classes
System Location Discovery c
is also defined as
named individual

System Location Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1614

has super-classes
Discovery Technique c
has sub-classes
System Language Discovery c
is also defined as
named individual

System Mapping c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemMapping

has super-classes
Defensive Technique c
has sub-classes
Data Exchange Mapping c, Service Dependency Mapping c, System Dependency Mapping c, System Vulnerability Assessment c
has members
Data Exchange Mapping ni, Service Dependency Mapping ni, System Dependency Mapping ni, System Vulnerability Assessment ni
is also defined as
named individual

System Network Configuration Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1016

has super-classes
Discovery Technique c
has sub-classes
Internet Connection Discovery c
is also defined as
named individual

System Network Connections Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1049

has super-classes
Discovery Technique c
is also defined as
named individual

System Owner/User Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1033

has super-classes
Discovery Technique c
is also defined as
named individual

System Password Database c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemPasswordDatabase

has super-classes
Password Database c
is also defined as
named individual

System Service Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1007

has super-classes
Discovery Technique c
is also defined as
named individual

System Service Software c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemServiceSoftware

has super-classes
Software c
has sub-classes
Local Authentication Service c, Local Authorization Service c, Task Scheduler Software c
is also defined as
named individual

System Services c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1569

has super-classes
Execution Technique c
has sub-classes
Launchctl c, Service Execution c

System Shutdown/Reboot c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1529

has super-classes
Impact Technique c

System Software c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemSoftware

has super-classes
Software c
has sub-classes
Host-based Firewall c, Kernel c

System Startup Directory c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemStartupDirectory

has super-classes
Directory c, System Configuration Init Resource c, System Init Configuration c
is also defined as
named individual

System Time Application c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemTimeApplication

has super-classes
Utility Software c
is also defined as
named individual

System Time Discovery c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1124

has super-classes
Discovery Technique c
is also defined as
named individual

System Utilization Record c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemUtilizationRecord

has super-classes
Record c

System Vulnerability Assessment c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemVulnerabilityAssessment

has super-classes
System Mapping c
is also defined as
named individual

Systemd Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1501

has super-classes
Persistence Technique c

Systemd Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.002

has super-classes
Create or Modify System Process c
is also defined as
named individual

Systemd Timers c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053.006

has super-classes
Scheduled Task/Job Execution c

Tablet Computer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TabletComputer

Is defined by
http://dbpedia.org/resource/Tablet_computer
has super-classes
Personal Computer c

Taint Shared Content c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1080

has super-classes
Lateral Movement Technique c
is also defined as
named individual

Target Audience c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TargetAudience

has super-classes
D3FEND Use Case Thing c
is disjoint with
D3FEND Use Case c, Use Case Goal c, Use Case Prerequisite c, Use Case Procedure c, Use Case Step c

Task Schedule c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TaskSchedule

has super-classes
Digital Artifact c
is also defined as
named individual

Task Scheduler Process c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TaskSchedulerProcess

has super-classes
Operating System Process c

Task Scheduler Software c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TaskSchedulerSoftware

has super-classes
System Service Software c

Technique c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Technique

has super-classes
D3FEND Thing c
has sub-classes
Defensive Technique c, Offensive Technique c
is in domain of
kb-article
is in range of
kb-reference-of op
has members
Defensive Technique ni

Technique Reference c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TechniqueReference

has super-classes
D3FEND Thing c
has sub-classes
Academic Paper Reference c, Book Reference c, External Knowledge Base c, Internet Article Reference c, Patent Reference c, Policy Reference c, Source Code Reference c, Specification Reference c, User Manual Reference c
has members
Reference - Certificate Transparency ni, Reference - Certificate and Public Key Pinning ni, Reference - FWTK Documentation - fwtk.org ni, Reference - StreamingPhish ni, Reference - Use Rkill to Stop Malware Processes - ghacks.net ni

Template Injection c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1221

has super-classes
Defense Evasion Technique c

Terminal Services DLL c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.005

has super-classes
Server Software Component c

Terminate Process c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TerminateProcess

has super-classes
System Call c
is also defined as
named individual

Tertiary Storage c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TertiaryStorage

Is defined by
https://en.wikipedia.org/wiki/Computer_data_storage#Tertiary_storage
has super-classes
Hardware Device c, Memory Block c, Secondary Storage c

Test Execution Tool c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TestExecutionTool

Is defined by
http://dbpedia.org/resource/Test_execution_engine
has super-classes
Developer Application c
has sub-classes
Integration Test Execution Tool c, Unit Test Execution Tool c

TFTP Boot c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542.005

has super-classes
Pre-OS Boot c

Thin Client Computer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ThinClientComputer

Is defined by
http://dbpedia.org/resource/Thin_client
has super-classes
Shared Computer c
has sub-classes
Zero Client Computer c

Thread c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Thread

has super-classes
Digital Artifact c
is also defined as
named individual

Thread Execution Hijacking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.003

has super-classes
Process Injection c
is also defined as
named individual

Thread Local Storage c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.005

has super-classes
Process Injection c
is also defined as
named individual

Thread Start Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ThreadStartFunction

has super-classes
Subroutine c
is also defined as
named individual

Threat Intel Vendors c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1597.001

has super-classes
Search Closed Sources c

Ticket Granting Ticket c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TicketGrantingTicket

Is defined by
http://dbpedia.org/resource/Ticket_Granting_Ticket
has super-classes
Access Token c
has sub-classes
Kerberos Ticket Granting Ticket c

Time Based Evasion c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1497.003

has super-classes
Virtualization/Sandbox Evasion c
is also defined as
named individual

Time Providers c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1209

has super-classes
Persistence Technique c

Time Providers c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.003

has super-classes
Boot or Logon Autostart Execution c
is also defined as
named individual

Timestomp c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.006

has super-classes
Indicator Removal on Host c
is also defined as
named individual

Timestomp c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1099

has super-classes
Defense Evasion Technique c

Token Impersonation/Theft c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.001

has super-classes
Access Token Manipulation c
is also defined as
named individual

Tool c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1588.002

has super-classes
Obtain Capabilities c

TPM Boot Integrity c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TPMBootIntegrity

has super-classes
Platform Hardening c
is also defined as
named individual

Trace Process c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TraceProcess

has super-classes
System Call c
is also defined as
named individual

Traffic Duplication c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1020.001

has super-classes
Automated Exfiltration c

Traffic Signaling c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1205

has super-classes
Command and Control Technique c, Defense Evasion Technique c, Persistence Technique c
has sub-classes
Port Knocking c
is also defined as
named individual

Transfer Agent Authentication c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TransferAgentAuthentication

has super-classes
Message Hardening c
is also defined as
named individual

Transfer Data to Cloud Account c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1537

has super-classes
Exfiltration Technique c

Translation Lookaside Buffer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TranslationLookasideBuffer

has super-classes
Memory Management Unit Component c
is also defined as
named individual

Transmitted Data Manipulation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1493

has super-classes
Impact Technique c

Transmitted Data Manipulation c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1565.002

has super-classes
Data Manipulation c
is also defined as
named individual

Transport Agent c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.002

has super-classes
Server Software Component c
is also defined as
named individual

Trap c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1154

has super-classes
Execution Technique c, Persistence Technique c

Trap c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.005

has super-classes
Event Triggered Execution c
is also defined as
named individual

Trust Store c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TrustStore

has super-classes
Digital Artifact c
has sub-classes
Certificate Trust Store c

Trusted Developer Utilities Proxy Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1127

has super-classes
Defense Evasion Technique c
has sub-classes
MSBuild c

Trusted Relationship c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1199

has super-classes
Initial Access Technique c
is also defined as
named individual

Two-Factor Authentication Interception c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1111

has super-classes
Credential Access Technique c
is also defined as
named individual

Uncommonly Used Port c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1065

has super-classes
Command and Control Technique c

Uncontrolled Resource Consumption c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-400

has super-classes
Weakness c

Unit Test Execution Tool c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UnitTestExecutionTool

has super-classes
Test Execution Tool c

Unix Shell Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.004

has super-classes
Command and Scripting Interpreter Execution c

Unrestricted Upload of File with Dangerous Type c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-434

has super-classes
Weakness c
is also defined as
named individual

Unsecured Credentials c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552

has super-classes
Credential Access Technique c
has sub-classes
Bash History c, Cloud Instance Metadata API c, Container API c, Credentials in Files c, Credentials in Registry c, Group Policy Preferences c, Private Keys c
is also defined as
named individual

Unused/Unsupported Cloud Regions c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1535

has super-classes
Defense Evasion Technique c

Upload Malware c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1608.001

has super-classes
Stage Capabilities c

Upload Tool c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1608.002

has super-classes
Stage Capabilities c

URL c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#URL

has super-classes
Identifier c
has members
HTTP URL ni, HTTPS URL ni, Web Socket URL ni
is also defined as
named individual

URL Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#URLAnalysis

has super-classes
Identifier Analysis c
is also defined as
named individual

URL Reputation Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#URLReputationAnalysis

has super-classes
Identifier Reputation Analysis c
is also defined as
named individual

Use After Free c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-416

has super-classes
Weakness c

Use Alternate Authentication Material c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550

has super-classes
Defense Evasion Technique c, Lateral Movement Technique c
has sub-classes
Application Access Token c, Pass The Hash c, Pass The Ticket c, Web Session Cookie c
is also defined as
named individual

Use Case Goal c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UseCaseGoal

has super-classes
D3FEND Use Case Thing c
is disjoint with
D3FEND Use Case c, Target Audience c, Use Case Prerequisite c, Use Case Procedure c, Use Case Step c

Use Case Prerequisite c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UseCasePrerequisite

has super-classes
D3FEND Use Case Thing c
is disjoint with
D3FEND Use Case c, Target Audience c, Use Case Goal c, Use Case Procedure c, Use Case Step c

Use Case Procedure c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UseCaseProcedure

has super-classes
D3FEND Use Case Thing c, procedure c
is disjoint with
D3FEND Use Case c, Target Audience c, Use Case Goal c, Use Case Prerequisite c, Use Case Step c

Use Case Step c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UseCaseStep

has super-classes
D3FEND Use Case Thing c, step c
is disjoint with
D3FEND Use Case c, Target Audience c, Use Case Goal c, Use Case Prerequisite c, Use Case Procedure c

Use of Hard-coded Credentials c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-798

has super-classes
Weakness c
is also defined as
named individual

User c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#User

has super-classes
Digital Artifact c
is also defined as
named individual

User Account c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserAccount

has super-classes
Digital Artifact c
has sub-classes
Cloud User Account c, Default User Account c, Domain User Account c, Local User Account c, Privileged User Account c
has members
LDIF Record ni
is also defined as
named individual

User Account Permissions c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserAccountPermissions

has super-classes
Credential Hardening c
is also defined as
named individual

User Action c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserAction

has super-classes
Digital Artifact c, Digital Event c
has sub-classes
Authentication c, Authorization c, Resource Access c
is also defined as
named individual

User Activity Based Checks c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1497.002

has super-classes
Virtualization/Sandbox Evasion c

User Application c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserApplication

has super-classes
Application c
has sub-classes
Application Installer c, Browser c, Browser Extension c, Collaborative Software c, Developer Application c, Office Application c

User Behavior c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserBehavior

has super-classes
Digital Artifact c
is also defined as
named individual

User Behavior Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserBehaviorAnalysis

has super-classes
Defensive Technique c
has sub-classes
Authentication Event Thresholding c, Authorization Event Thresholding c, Credential Compromise Scope Analysis c, Domain Account Monitoring c, Job Function Access Pattern Analysis c, Local Account Monitoring c, Resource Access Pattern Analysis c, Session Duration Analysis c, User Data Transfer Analysis c, User Geolocation Logon Pattern Analysis c, Web Session Activity Analysis c
has members
Authentication Event Thresholding ni, Authorization Event Thresholding ni, Credential Compromise Scope Analysis ni, Domain Account Monitoring ni, Job Function Access Pattern Analysis ni, Local Account Monitoring ni, Resource Access Pattern Analysis ni, Session Duration Analysis ni, User Data Transfer Analysis ni, User Geolocation Logon Pattern Analysis ni, Web Session Activity Analysis ni
is also defined as
named individual

User Data Transfer Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserDataTransferAnalysis

has super-classes
User Behavior Analysis c
is also defined as
named individual

User Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1204

has super-classes
Execution Technique c
has sub-classes
Malicious File Execution c, Malicious Image c, Malicious Link Execution c

User Geolocation Logon Pattern Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserGeolocationLogonPatternAnalysis

has super-classes
User Behavior Analysis c
is also defined as
named individual

User Init Configuration File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserInitConfigurationFile

has super-classes
Configuration File c, User Logon Init Resource c
is also defined as
named individual

User Init Script c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserInitScript

has super-classes
Executable Script c, Init Script c, User Logon Init Resource c
has sub-classes
PowerShell Profile Script c
is also defined as
named individual

User Input Function c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserInputFunction

has super-classes
Input Function c
is also defined as
named individual

User Interface c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserInterface

Is defined by
http://dbpedia.org/resource/User_interface
has super-classes
Digital Artifact c
has sub-classes
Command Line Interface c, Graphical User Interface c

User Logon Init Resource c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserLogonInitResource

has super-classes
Local Resource c
has sub-classes
User Init Configuration File c, User Init Script c, User Startup Directory c, User Startup Script File c
is also defined as
named individual

User Manual c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserManual

has super-classes
Document c
is also defined as
named individual

User Manual Reference c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserManualReference

has super-classes
Technique Reference c
has members
Reference - /DYNAMICBASE (Use address space layout randomization) - Microsoft Docs ni, Reference - /GS (Buffer Security Check) - Microsoft Docs ni, Reference - /SAFESEH (Image has Safe Exception Handlers) - Microsoft Docs ni, Reference - Cisco ASR 9000 Series Aggregation Services Routers - Access List Commands ni, Reference - File and Folder Permissions ni, Reference - Libre NMS - Network Map Extension ni, Reference - Libre NMS - Oxidized Extension ni, Reference - Mitigate threats by using Windows 10 security features: Data Execution Prevention - Microsoft ni, Reference - Qualys Network Passive Sensor Getting Started Guide ni, Reference - Registry Key Security and Access Rights ni, Reference - Reverse DNS Blocking - Barracuda Networks ni, Reference - SNMP - Network Auto-Discovery ni, Reference - Tivoli Application Dependency Discovery Manager 7.3.0 - Dependencies between resources ni, Reference - Use DNS Policy for Applying Filters on DNS Queries ni

User Process c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserProcess

has super-classes
Process c
has sub-classes
Application Process c
is also defined as
named individual

User Session Init Config Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserSessionInitConfigAnalysis

has super-classes
Operating System Monitoring c
is also defined as
named individual

User Startup Directory c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserStartupDirectory

has super-classes
User Logon Init Resource c
is also defined as
named individual

User Startup Script File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserStartupScriptFile

has super-classes
Executable Script c, User Logon Init Resource c
is also defined as
named individual

User to User Message c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserToUserMessage

has super-classes
Digital Artifact c
is also defined as
named individual

Utility Software c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UtilitySoftware

Is defined by
http://dbpedia.org/resource/Utility_software
has super-classes
Software c
has sub-classes
System Time Application c

Valid Accounts c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078

has super-classes
Defense Evasion Technique c, Initial Access Technique c, Persistence Technique c, Privilege Escalation Technique c
has sub-classes
Cloud Accounts c, Default Accounts c, Domain Accounts c, Local Accounts c
is also defined as
named individual

VBA Stomping c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.007

has super-classes
Hide Artifacts c
is also defined as
named individual

VBScript Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.005

has super-classes
Command and Scripting Interpreter Execution c

VDSO Hijacking c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.014

has super-classes
Process Injection c
is also defined as
named individual

Vendor c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Vendor

has super-classes
Provider c

Verclsid c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.012

has super-classes
Signed Binary Proxy Execution c

Version Control Tool c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#VersionControlTool

Is defined by
http://dbpedia.org/resource/Version_control
has super-classes
Developer Application c

Video Capture c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1125

has super-classes
Collection Technique c
is also defined as
named individual

Video Input Device c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#VideoInputDevice

has super-classes
Input Device c
has sub-classes
Image Scanner Input Device c
is also defined as
named individual

Virtual Address c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#VirtualAddress

has super-classes
Memory Address c
is also defined as
named individual

Virtual Memory Space c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#VirtualMemorySpace

Is defined by
https://whatis.techtarget.com/definition/memory
has super-classes
Memory Address Space c

Virtual Private Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1583.003

has super-classes
Acquire Infrastructure c

Virtual Private Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1584.003

has super-classes
Compromise Infrastructure c

Virtualization Software c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#VirtualizationSoftware

has super-classes
Service Application c
is also defined as
named individual

Virtualization/Sandbox Evasion c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1497

has super-classes
Defense Evasion Technique c
has sub-classes
System Checks c, Time Based Evasion c, User Activity Based Checks c

VNC c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.005

has super-classes
Remote Services c

Volume c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Volume

has super-classes
Digital Artifact c
is also defined as
named individual

Volume Boot Record c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#VolumeBootRecord

has super-classes
Boot Record c
is also defined as
named individual

VPN Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#VPNServer

Is defined by
https://www.techopedia.com/definition/30750/vpn-server
has super-classes
Server c

Vulnerabilities c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1588.006

has super-classes
Obtain Capabilities c

vulnerability c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Vulnerability

has super-classes
D3FEND Thing c
is also defined as
named individual

Vulnerability Scanning c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1595.002

has super-classes
Active Scanning c

Weaken Encryption c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1600

has super-classes
Defense Evasion Technique c
has sub-classes
Disable Crypto Hardware c, Reduce Key Space c

Weakness c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Weakness

has super-classes
D3FEND Thing c
has sub-classes
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') c, Cross-Site Request Forgery (CSRF) c, Deserialization of Untrusted Data c, Improper Authentication c, Improper Control of Generation of Code ('Code Injection') c, Improper Input Validation c, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') c, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') c, Improper Neutralization of Special Elements used in a Command ('Command Injection') c, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') c, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') c, Improper Restriction of Operations within the Bounds of a Memory Buffer c, Improper Restriction of XML External Entity Reference c, Incorrect Default Permissions c, Integer Overflow or Wraparound c, Missing Authentication for Critical Function c, Missing Authorization c, NULL Pointer Dereference c, Out-of-bounds Read c, Out-of-bounds Write c, Server-Side Request Forgery (SSRF) c, Uncontrolled Resource Consumption c, Unrestricted Upload of File with Dangerous Type c, Use After Free c, Use of Hard-coded Credentials c
is in domain of
may be weakness of op
is in range of
may have weakness op

Web Application Firewall c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebApplicationFirewall

Is defined by
http://dbpedia.org/resource/Web_application_firewall
has super-classes
Application Layer Firewall c

Web Application Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebApplicationServer

Is defined by
http://dbpedia.org/resource/Application_server
has super-classes
Web Server c

Web Authentication c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebAuthentication

has super-classes
Authentication c
has sub-classes
Cloud Service Authentication c
is also defined as
named individual

Web Cookies c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1606.001

has super-classes
Forge Web Credentials c

Web File Resource c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebFileResource

has super-classes
Network File Resource c
is also defined as
named individual

Web Network Traffic c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebNetworkTraffic

has super-classes
Network Traffic c
has sub-classes
Intranet Web Network Traffic c, Outbound Internet Web Traffic c
is also defined as
named individual

Web Portal Capture c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.003

has super-classes
Input Capture c
is also defined as
named individual

Web Protocols c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.001

has super-classes
Application Layer Protocol c
is also defined as
named individual

Web Resource Access c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebResourceAccess

has super-classes
Network Resource Access c
is also defined as
named individual

Web Script File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebScriptFile

has super-classes
Executable Script c
is also defined as
named individual

Web Server c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebServer

has super-classes
Server c
has sub-classes
Artifact Server c, Web Application Server c
is also defined as
named individual

Web Server Application c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebServerApplication

has super-classes
Service Application c
is also defined as
named individual

Web Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1102

has super-classes
Command and Control Technique c
has sub-classes
Bidirectional Communication c, Dead Drop Resolver c, One-Way Communication c
is also defined as
named individual

Web Services c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1583.006

has super-classes
Acquire Infrastructure c

Web Services c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1584.006

has super-classes
Compromise Infrastructure c

Web Session Activity Analysis c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebSessionActivityAnalysis

has super-classes
User Behavior Analysis c
is also defined as
named individual

Web Session Cookie c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1506

has super-classes
Defense Evasion Technique c, Lateral Movement Technique c

Web Session Cookie c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.004

has super-classes
Use Alternate Authentication Material c
is also defined as
named individual

Web Shell c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1100

has super-classes
Persistence Technique c, Privilege Escalation Technique c

Web Shell c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.003

has super-classes
Server Software Component c
is also defined as
named individual

WHOIS c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1596.002

has super-classes
Search Open Technical Databases c

Wide Area Network c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WideAreaNetwork

Is defined by
http://dbpedia.org/resource/Local_area_network
has super-classes
Network c

Windows Admin Shares c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1077

has super-classes
Lateral Movement Technique c

Windows Command Shell Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.003

has super-classes
Command and Scripting Interpreter Execution c

Windows Credential Manager c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.004

has super-classes
Credentials from Password Stores c

Windows File and Directory Permissions Modification c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1222.001

has super-classes
File and Directory Permissions Modification c

Windows Management Instrumentation Event Subscription c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1084

has super-classes
Persistence Technique c

Windows Management Instrumentation Event Subscription c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.003

has super-classes
Event Triggered Execution c
is also defined as
named individual

Windows Management Instrumentation Execution c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1047

has super-classes
Execution Technique c
is also defined as
named individual

Windows Registry c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WindowsRegistry

has super-classes
System Configuration Database c
is also defined as
named individual

Windows Registry Key c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WindowsRegistryKey

has super-classes
System Configuration Database Record c
is also defined as
named individual

Windows Remote Management c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.006

has super-classes
Remote Services c

Windows Remote Management c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1028

has super-classes
Execution Technique c, Lateral Movement Technique c

Windows Service c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.003

has super-classes
Create or Modify System Process c
is also defined as
named individual

Windows Shortcut File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WindowsShortcutFile

has super-classes
Shortcut File c
is also defined as
named individual

Winlogon Helper DLL c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1004

has super-classes
Persistence Technique c

Winlogon Helper DLL c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.004

has super-classes
Boot or Logon Autostart Execution c
is also defined as
named individual

Wireless Access Point c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WirelessAccessPoint

Is defined by
http://dbpedia.org/resource/Wireless_access_point
has super-classes
Network Node c, RF Transceiver c
has sub-classes
Wireless Router c

Wireless Router c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WirelessRouter

Is defined by
http://dbpedia.org/resource/Wireless_router
has super-classes
Router c, Wireless Access Point c

Wordlist Scanning c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1595.003

has super-classes
Active Scanning c

Write File c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WriteFile

has super-classes
System Call c
is also defined as
named individual

XDG Autostart Entries c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.013

has super-classes
Boot or Logon Autostart Execution c

XPC Services c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1559.003

has super-classes
Inter-Process Communication Execution c

XSL Script Processing c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1220

has super-classes
Defense Evasion Technique c
is also defined as
named individual

Zero Client Computer c

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ZeroClientComputer

Is defined by
http://dbpedia.org/resource/Thin_client#Zero_client
has super-classes
Thin Client Computer c

Object Properties

abuses op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#abuses

Is defined by
http://wordnet-rdf.princeton.edu/id/01163606-v
has super-properties
uses op

accessed-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#accessed-by

has super-properties
associated-with op, may-be-accessed-by op
is inverse of
accesses op

accesses op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#accesses

Is defined by
http://wordnet-rdf.princeton.edu/id/02673854-n
has super-properties
associated-with op, may-access op
has sub-properties
executes op, modifies op, reads op, writes op
has range
Network Resource c
is inverse of
accessed-by op

addressed-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#addressed-by

has super-properties
associated-with op
has domain
Resource c
has range
Identifier c
is inverse of
addresses op

addresses op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#addresses

has super-properties
associated-with op
has domain
Identifier c
has range
Resource c
is inverse of
addressed-by op

adds op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#adds

has super-properties
associated-with op, may-add op

analyzes op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#analyzes

Is defined by
http://wordnet-rdf.princeton.edu/id/00738221-v
has super-properties
associated-with op, detects op
has sub-properties
verifies op

assessed-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#assessed-by

has super-properties
d3fend-catalog-object-property op
is inverse of
assesses op

assesses op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#assesses

has super-properties
d3fend-catalog-object-property op
has domain
Defensive Technique Claim c
has range
Defensive Technique Assessment c
is inverse of
assessed-by op

associated-with op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#associated-with

attached-to op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#attached-to

Is defined by
http://wordnet-rdf.princeton.edu/id/01980375-s
has super-properties
associated-with op

attack-may-be-countered-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#attack-may-be-countered-by

authenticates op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#authenticates

Is defined by
http://wordnet-rdf.princeton.edu/id/01980375-s
has super-properties
associated-with op, hardens op

author op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#author

has super-properties
creator op

authorizes op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#authorizes

Is defined by
http://wordnet-rdf.princeton.edu/id/00804987-v
has super-properties
associated-with op, hardens op

blocks op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#blocks

Is defined by
http://wordnet-rdf.princeton.edu/id/01480024-v
has super-properties
counters op, filters op

broader op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#broader

has super-properties
semantic-relation op

broader-transitive op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#broader-transitive

has super-properties
semantic-relation op

cited-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#cited-by

has super-properties
d3fend-catalog-object-property op
is inverse of
cites op

cites op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#cites

claimed-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#claimed-by

has super-properties
d3fend-catalog-object-property op
is inverse of
claims op

claims op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#claims

has super-properties
d3fend-catalog-object-property op
has sub-properties
features op
is inverse of
claimed-by op

configures op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#configures

has super-properties
associated-with op, hardens op

connects op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#connects

Is defined by
http://wordnet-rdf.princeton.edu/id/01071413-v
has super-properties
associated-with op

contained-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#contained-by

has characteristics: transitive

has super-properties
associated-with op, may-be-contained-by op
is inverse of
contains op

contains op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#contains

Is defined by
http://wordnet-rdf.princeton.edu/id/02639021-v

has characteristics: transitive

has super-properties
associated-with op, may-contain op
is inverse of
contained-by op

contributor op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#contributor

has super-properties
d3fend-catalog-object-property op
has sub-properties
creator op, evaluator op, submitter op, validator op
has range
thing c

copies op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#copies

Is defined by
http://wordnet-rdf.princeton.edu/id/01738810-v
has super-properties
creates op

copy-of op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#copy-of

has super-properties
associated-with op

counters op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#counters

has super-properties
d3fend-catalog-object-property op, may-counter op
has sub-properties
blocks op, deceives op, detects op, evicts op, hardens op

created-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#created-by

has super-properties
associated-with op, may-be-created-by op
is inverse of
creates op

creates op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#creates

Is defined by
http://wordnet-rdf.princeton.edu/id/01630392-v
has super-properties
associated-with op, may-create op
has sub-properties
copies op, forges op
is inverse of
created-by op

creator op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#creator

has super-properties
contributor op
has sub-properties
author op

d3fend general object property op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#d3fend-general-object-property

has super-properties
d3fend object property op
has sub-properties
has procedure op

d3fend object property op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#d3fend-object-property

d3fend process object property op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#d3fend-process-object-property

has super-properties
d3fend object property op
has sub-properties
end op, fork op, next op, start op

d3fend use case object property op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#d3fend-use-case-object-property

has super-properties
d3fend object property op
has sub-properties
has audience op, has goal op, has prerequisite op

d3fend-catalog-object-property op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#d3fend-catalog-object-property

has super-properties
d3fend object property op
has sub-properties
assessed-by op, assesses op, cited-by op, cites op, claimed-by op, claims op, contributor op, counters op, has-evidence op, has-feature op, has-implementation op, has-member op, implemented-by op, implements op, latency op, license op, member-of op, producer op, produces op, provides op, publisher op, publishes op, seller op, sells op
is inverse of
cites op

d3fend-kb-object-property op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#d3fend-kb-object-property

has super-properties
d3fend object property op
has sub-properties
has contribution op, has contributor op, kb-reference op, kb-reference-of op

d3fend-tactical-verb-property op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#d3fend-tactical-verb-property

has super-properties
d3fend object property op
has sub-properties
deceives-with op, detects op, evicts op, hardens op, isolates op
has domain
Defensive Technique c
has range
Artifact c

deceives op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#deceives

has super-properties
counters op

deceives-with op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#deceives-with

has super-properties
d3fend-tactical-verb-property op
has sub-properties
spoofs op

deletes op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#deletes

Is defined by
http://wordnet-rdf.princeton.edu/id/01001860-v
has super-properties
evicts op, modifies op

dependent op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#dependent

Is defined by
http://wordnet-rdf.princeton.edu/id/00729216-a
has super-properties
associated-with op

depends-on op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#dependsOn

Is defined by
http://wordnet-rdf.princeton.edu/id/00729216-a
x depends-on y: The entity x is contingent on y being available; x relies on y.
has super-properties
associated-with op
is inverse of
has-dependent op

detects op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#detects

has super-properties
counters op, d3fend-tactical-verb-property op
has sub-properties
analyzes op, monitors op

disables op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#disables

Is defined by
http://wordnet-rdf.princeton.edu/id/00513267-v
has super-properties
evicts op, may-disable op, modifies op

drives op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#drives

Is defined by
http://wordnet-rdf.princeton.edu/id/01184038-v
has super-properties
associated-with op

employed-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#employed-by

Is defined by
http://wordnet-rdf.princeton.edu/id/01161188-v
has super-properties
associated-with op
is inverse of
employs op

employs op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#employs

has super-properties
associated-with op
is inverse of
employed-by op

enabled-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#enabled-by

Is defined by
http://wordnet-rdf.princeton.edu/id/00513958-v
has super-properties
associated-with op
is inverse of
enables op

enables op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#enables

Is defined by
http://wordnet-rdf.princeton.edu/id/00513958-v
has super-properties
associated-with op
is inverse of
enabled-by op

encrypts op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#encrypts

Is defined by
http://wordnet-rdf.princeton.edu/id/00996121-v
has super-properties
associated-with op, hardens op

end op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#end

has super-properties
d3fend process object property op

enumerates op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#enumerates

has super-properties
reads op

evaluated-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#evaluated-by

has super-properties
associated-with op
is inverse of
evaluates op

evaluates op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#evaluates

has super-properties
associated-with op, may evaluate op
is inverse of
evaluated-by op

evaluator op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#evaluator

has super-properties
contributor op

evicts op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#evicts

has super-properties
counters op, d3fend-tactical-verb-property op, may-evict op
has sub-properties
deletes op, disables op, obfuscates op, suspends op, terminates op

exactly op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#exactly

has super-properties
semantic-relation op

executes op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#executes

Is defined by
http://wordnet-rdf.princeton.edu/id/02569242-v
has super-properties
accesses op, may-execute op, runs op
has sub-properties
injects op, interprets op, invokes op

expected-latency op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#expected-latency

has super-properties
latency op
has range
latency op some Latency c

extends op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#extends

Is defined by
http://wordnet-rdf.princeton.edu/id/00541315-v
has super-properties
modifies op

features op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#features

has super-properties
claims op
has domain
Capability Feature Claim c
has range
Capability Feature c

filters op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#filters

Is defined by
http://wordnet-rdf.princeton.edu/id/01461293-v
has super-properties
associated-with op, isolates op
has sub-properties
blocks op

forges op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#forges

has super-properties
creates op

fork op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#fork

has super-properties
d3fend process object property op

hardens op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#hardens

has super-properties
counters op, d3fend-tactical-verb-property op
has sub-properties
authenticates op, authorizes op, configures op, encrypts op, neutralizes op, strengthens op, updates op, validates op

has audience op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#has-audience

has super-properties
d3fend use case object property op

has contribution op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#has-contribution

has super-properties
d3fend-kb-object-property op

has contributor op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#has-contributor

has super-properties
d3fend-kb-object-property op

has goal op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#has-goal

has super-properties
d3fend use case object property op

has prerequisite op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#has-prerequisite

has super-properties
d3fend use case object property op

has procedure op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#has-procedure

has super-properties
d3fend general object property op

has weakness op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#has-weakness

has super-properties
may have weakness op

has-account op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#has-account

has super-properties
owns op

has-dependent op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#has-dependent

has super-properties
associated-with op
is inverse of
depends-on op

has-evidence op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#has-evidence

has super-properties
d3fend-catalog-object-property op

has-feature op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#has-feature

has super-properties
d3fend-catalog-object-property op

has-implementation op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#has-implementation

has super-properties
d3fend-catalog-object-property op

has-location op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#has-location

Is defined by
http://wordnet-rdf.princeton.edu/id/02133811-s
has super-properties
associated-with op

has-member op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#has-member

has super-properties
d3fend-catalog-object-property op
is inverse of
member-of op

has-recipient op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#has-recipient

Is defined by
http://www.ontologyrepository.com/CommonCoreOntologies/has_recipient
has super-properties
associated-with op

has-sender op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#has-sender

Is defined by
http://www.ontologyrepository.com/CommonCoreOntologies/has_sender
has super-properties
associated-with op

hides op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#hides

has super-properties
associated-with op
has range
Digital Artifact c

identified by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#identified-by

has super-properties
associated-with op
is inverse of
identified by op, identified by op

identifies op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#identifies

has super-properties
associated-with op

impairs op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#impairs

has super-properties
associated-with op

implemented-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#implemented-by

has super-properties
d3fend-catalog-object-property op
has range
Capability Implementation c
is inverse of
implements op

implements op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#implements

has super-properties
d3fend-catalog-object-property op
has domain
Capability Implementation c
is inverse of
implemented-by op

injects op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#injects

has super-properties
executes op

installs op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#installs

Is defined by
http://wordnet-rdf.princeton.edu/id/01572394-v
has super-properties
associated-with op

instructed-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#instructed-by

has super-properties
associated-with op

instructs op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#instructs

has super-properties
associated-with op

interprets op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#interprets

has super-properties
executes op, may-interpret op

inventoried-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#inventoried-by

has super-properties
associated-with op
is inverse of
inventories op

inventories op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#inventories

has super-properties
associated-with op
is inverse of
inventoried-by op

invoked-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#invoked-by

has super-properties
associated-with op, may-be-invoked-by op
is inverse of
invokes op

invokes op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#invokes

Is defined by
http://wordnet-rdf.princeton.edu/id/06599393-n
has super-properties
executes op, may-invoke op
is inverse of
invoked-by op

isolates op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#isolates

Is defined by
http://wordnet-rdf.princeton.edu/id/00496744-v
has super-properties
associated-with op, d3fend-tactical-verb-property op
has sub-properties
filters op

kb-reference op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#kb-reference

has super-properties
d3fend-kb-object-property op
is inverse of
kb-reference-of op

kb-reference-of op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#kb-reference-of

has super-properties
d3fend-kb-object-property op
has domain
Reference c
has range
Technique c
is inverse of
kb-reference op

latency op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#latency

has super-properties
d3fend-catalog-object-property op
has sub-properties
expected-latency op
has range
latency op some Latency c

license op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#license

has super-properties
d3fend-catalog-object-property op
has range
license op some License c

limits op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#limits

Is defined by
http://wordnet-rdf.princeton.edu/id/13781154-n
has super-properties
restricts op
has sub-properties
use-limits op

loaded-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#loaded-by

has super-properties
associated-with op
is inverse of
loads op

loads op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#loads

Is defined by
http://wordnet-rdf.princeton.edu/id/02236692-v
has super-properties
associated-with op
is inverse of
loaded-by op

manages op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#manages

Is defined by
http://wordnet-rdf.princeton.edu/id/02447914-v
has super-properties
associated-with op

mapped-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#mapped-by

has super-properties
associated-with op
is inverse of
maps op

maps op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#maps

has super-properties
may-map op
is inverse of
mapped-by op

may be weakness of op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-be-weakness-of

has super-properties
may-be-associated-with op
has sub-properties
weakness of op
has domain
Weakness c
has range
Artifact c

may evaluate op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-evaluate

has super-properties
may-be-associated-with op
has sub-properties
evaluates op

may have weakness op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-have-weakness

has super-properties
may-be-associated-with op
has sub-properties
has weakness op
has domain
Artifact c
has range
Weakness c

may-access op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-access

has super-properties
may-be-associated-with op
has sub-properties
accesses op
is inverse of
may-be-accessed-by op

may-add op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-add

has super-properties
may-be-associated-with op
has sub-properties
adds op

may-be-accessed-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-be-accessed-by

has super-properties
may-be-associated-with op
has sub-properties
accessed-by op
is inverse of
may-access op

may-be-associated-with op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-be-associated-with

may-be-contained-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-be-contained-by

has characteristics: transitive

has super-properties
may-be-associated-with op
has sub-properties
contained-by op
is inverse of
may-contain op

may-be-created-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-be-created-by

has super-properties
may-be-associated-with op
has sub-properties
created-by op
is inverse of
may-create op

may-be-deceived-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-be-deceived-by

has super-properties
attack-may-be-countered-by op
is inverse of
may-deceive op

may-be-detected-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-be-detected-by

has super-properties
attack-may-be-countered-by op
is inverse of
may-detect op

may-be-evicted-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-be-evicted-by

has super-properties
attack-may-be-countered-by op
is inverse of
may-evict op

may-be-hardened-against-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-be-hardened-against-by

has super-properties
attack-may-be-countered-by op
is inverse of
may-harden op

may-be-invoked-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-be-invoked-by

has super-properties
may-be-associated-with op
has sub-properties
invoked-by op
is inverse of
may-invoke op

may-be-isolated-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-be-isolated-by

has super-properties
attack-may-be-countered-by op
is inverse of
may-isolate op

may-be-modified-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-be-modified-by

has super-properties
may-be-associated-with op
has sub-properties
modified-by op
is inverse of
may-modify op

may-be-tactically-associated-with op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-be-tactically-associated-with

has super-properties
may-be-associated-with op
has sub-properties
attack-may-be-countered-by op, may-counter-attack op
has domain
Defensive Technique c
has range
Offensive Technique c

may-contain op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-contain

has characteristics: transitive

has super-properties
may-be-associated-with op
has sub-properties
contains op
is inverse of
may-be-contained-by op

may-counter op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-counter

has super-properties
may-be-associated-with op
has sub-properties
counters op, may-evict op

may-counter-attack op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-counter-attack

has super-properties
may-be-tactically-associated-with op
has sub-properties
may-deceive op, may-detect op, may-evict op, may-harden op, may-isolate op

may-create op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-create

has super-properties
may-be-associated-with op
has sub-properties
creates op
is inverse of
may-be-created-by op

may-deceive op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-deceive

has super-properties
may-counter-attack op
is inverse of
may-be-deceived-by op

may-detect op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-detect

has super-properties
may-counter-attack op
is inverse of
may-be-detected-by op

may-disable op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-disable

has super-properties
may-evict op
has sub-properties
disables op

may-evict op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-evict

has super-properties
may-counter op, may-counter-attack op
has sub-properties
evicts op, may-disable op
is inverse of
may-be-evicted-by op

may-execute op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-execute

has super-properties
may-be-associated-with op
has sub-properties
executes op

may-harden op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-harden

has super-properties
may-counter-attack op
is inverse of
may-be-hardened-against-by op

may-interpret op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-interpret

has super-properties
may-be-associated-with op
has sub-properties
interprets op

may-invoke op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-invoke

has super-properties
may-be-associated-with op
has sub-properties
invokes op
is inverse of
may-be-invoked-by op

may-isolate op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-isolate

has super-properties
may-counter-attack op
is inverse of
may-be-isolated-by op

may-map op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-map

has super-properties
may-be-associated-with op
has sub-properties
maps op

may-modify op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-modify

has super-properties
may-be-associated-with op
has sub-properties
modifies op, modifies-part op
is inverse of
may-be-modified-by op

may-produce op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-produce

has super-properties
may-be-associated-with op
has sub-properties
produces op

may-query op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-query

has super-properties
may-be-associated-with op
has sub-properties
queries op

may-run op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-run

has super-properties
may-be-associated-with op
has sub-properties
runs op

may-transfer op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#may-transfer

has super-properties
may-be-associated-with op

member-of op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#member-of

has super-properties
d3fend-catalog-object-property op
is inverse of
has-member op

modified-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#modified-by

has super-properties
associated-with op, may-be-modified-by op
is inverse of
modifies op

modifies op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#modifies

Is defined by
http://wordnet-rdf.princeton.edu/id/00126072-v
has super-properties
accesses op, associated-with op, may-modify op
has sub-properties
deletes op, disables op, extends op, obfuscates op, updates op
is inverse of
modified-by op

modifies-part op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#modifies-part

has super-properties
may-modify op
has sub-property chains
modifies op o contains op

monitors op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#monitors

Is defined by
http://wordnet-rdf.princeton.edu/id/02167732-v
has super-properties
associated-with op, detects op

narrower op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#narrower

has super-properties
semantic-relation op

narrower-transitive op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#narrower-transitive

has super-properties
semantic-relation op

neutralizes op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#neutralizes

Is defined by
http://wordnet-rdf.princeton.edu/id/00471015-v
has super-properties
associated-with op, hardens op

obfuscates op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#obfuscates

Is defined by
http://wordnet-rdf.princeton.edu/id/00942245-v
has super-properties
evicts op, modifies op

originates-from op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#originates-from

Is defined by
http://wordnet-rdf.princeton.edu/id/02749218-v
has super-properties
associated-with op

owns op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#owns

Is defined by
http://wordnet-rdf.princeton.edu/id/02209474-v
has super-properties
associated-with op
has sub-properties
has-account op

process-ancestor op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#process-ancestor

has characteristics: transitive

has super-properties
process-property op
has sub-properties
process-parent op

process-image-path op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#process-image-path

has super-properties
process-property op

process-parent op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#process-parent

has super-properties
process-ancestor op

process-property op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#process-property

has super-properties
associated-with op
has sub-properties
process-ancestor op, process-image-path op, process-user op

process-user op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#process-user

has super-properties
process-property op

produced-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#produced-by

has super-properties
associated-with op
is inverse of
produces op

producer op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#producer

has super-properties
d3fend-catalog-object-property op
is inverse of
produces op

produces op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#produces

Is defined by
http://wordnet-rdf.princeton.edu/id/01625832-v
has super-properties
associated-with op, d3fend-catalog-object-property op, may-produce op
is inverse of
produced-by op, producer op

provider op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#provider

Is defined by
http://wordnet-rdf.princeton.edu/id/05901034-n
has super-properties
associated-with op

provides op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#provides

has super-properties
d3fend-catalog-object-property op

publisher op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#publisher

has super-properties
d3fend-catalog-object-property op
is inverse of
publishes op

publishes op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#publishes

has super-properties
d3fend-catalog-object-property op
is inverse of
publisher op

queries op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#queries

has super-properties
associated-with op, may-query op

reads op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#reads

has super-properties
accesses op
has sub-properties
enumerates op

recorded-in op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#recorded-in

has super-properties
associated-with op

records op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#records

Is defined by
http://wordnet-rdf.princeton.edu/id/01002259-v
has super-properties
associated-with op

restricts op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#restricts

Is defined by
http://wordnet-rdf.princeton.edu/id/00234091-v
has super-properties
associated-with op
has sub-properties
limits op

runs op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#runs

has super-properties
associated-with op, may-run op
has sub-properties
executes op

seller op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#seller

has super-properties
d3fend-catalog-object-property op
is inverse of
sells op

sells op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#sells

has super-properties
d3fend-catalog-object-property op
is inverse of
seller op

semantic-relation op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#semantic-relation

has super-properties
associated-with op
has sub-properties
broader op, broader-transitive op, exactly op, narrower op, narrower-transitive op, related op

spoofs op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#spoofs

has super-properties
associated-with op, deceives-with op

start op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#start

has super-properties
d3fend process object property op

strengthens op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#strengthens

Is defined by
http://wordnet-rdf.princeton.edu/id/00165779-v
has super-properties
associated-with op, hardens op

submitter op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#submitter

has super-properties
contributor op

summarizes op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#summarizes

Is defined by
http://wordnet-rdf.princeton.edu/id/02758570-v
has super-properties
associated-with op

suspends op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#suspends

Is defined by
http://wordnet-rdf.princeton.edu/id/00543748-v
has super-properties
evicts op

terminates op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#terminates

Is defined by
http://wordnet-rdf.princeton.edu/id/00353480-v
has super-properties
associated-with op, evicts op

unmounts op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#unmounts

has super-properties
associated-with op

updates op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#updates

has super-properties
hardens op, modifies op

use-limits op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#use-limits

has super-properties
limits op

used-by op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#used-by

has super-properties
associated-with op
is inverse of
uses op

uses op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#uses

Is defined by
http://wordnet-rdf.princeton.edu/id/01161188-v
has super-properties
associated-with op
has sub-properties
abuses op
is inverse of
used-by op

validates op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#validates

Is defined by
http://wordnet-rdf.princeton.edu/id/00669142-v
has super-properties
associated-with op, hardens op

validator op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#validator

has super-properties
contributor op

verifies op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#verifies

Is defined by
http://wordnet-rdf.princeton.edu/id/00666401-v
has super-properties
analyzes op, associated-with op

weakness of op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#weakness-of

has super-properties
may be weakness of op

writes op

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#writes

has super-properties
accesses op

Data Properties

archived-at dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#archived-at

has super-properties
d3fend-catalog-data-property dp
has range
anyURI

attack-kb-data-property dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#attack-kb-data-property

has super-properties
top data property

capec-id dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#capec-id

has super-properties
d3fend-kb-data-property dp

comments dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#comments

has characteristics: functional

has super-properties
d3fend-catalog-data-property dp
has domain
Capability Feature Claim c
has range
string

confidence dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#confidence

has super-properties
d3fend-catalog-data-property dp

control-name dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#control-name

has super-properties
d3fend-external-control-data-property dp

d3fend-artifact-data-property dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#d3fend-artifact-data-property

has super-properties
d3fend-data-property dp
has sub-properties
process-data-property dp, windows-registry-data-property dp
has domain
Digital Artifact c

d3fend-catalog-data-property dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#d3fend-catalog-data-property

has super-properties
d3fend-data-property dp, d3fend-external-control-data-property dp
has sub-properties
archived-at dp, comments dp, confidence dp, expectation rating dp, identifier dp, name dp, operating-system dp, rating dp, stage dp, text dp, title dp, version dp

d3fend-comment dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#d3fend-comment

has super-properties
d3fend-kb-data-property dp

d3fend-data-property dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#d3fend-data-property

d3fend-display-property dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#d3fend-display-property

has super-properties
d3fend-data-property dp

d3fend-external-control-data-property dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#d3fend-external-control-data-property

has super-properties
d3fend-data-property dp
has sub-properties
control-name dp, d3fend-catalog-data-property dp, version dp

d3fend-id dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#d3fend-id

has super-properties
d3fend-kb-data-property dp

d3fend-kb-data-property dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#d3fend-kb-data-property

has super-properties
d3fend-data-property dp
has sub-properties
capec-id dp, d3fend-comment dp, d3fend-id dp, has-link dp, kb-reference-title dp

date dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#date

has super-properties
d3fend-data-property dp
has sub-properties
date available dp, date created dp, date issued dp, date modified dp, date published dp, date valid dp
has range
date time

date available dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#available

has super-properties
date dp
has range
date time

date created dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#created

has super-properties
date dp
has range
date time

date issued dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#issued

has super-properties
date dp
has range
date time

date modified dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#modified

has super-properties
date dp
has range
date time

date published dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#published

has super-properties
date dp
has range
date time

date valid dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#valid

has super-properties
date dp
has range
date time

expectation rating dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#expectation-rating

has super-properties
d3fend-catalog-data-property dp

identifier dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#identifier

has super-properties
d3fend-catalog-data-property dp
has range
string

kb-reference-title dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#kb-reference-title

has super-properties
d3fend-kb-data-property dp
has domain
Reference c
has range
string

name dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#name

has super-properties
d3fend-catalog-data-property dp

operating-system dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#operating-system

has super-properties
d3fend-catalog-data-property dp
has domain
Capability Implementation c
has range
string

process-command-line-arguments dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#process-command-line-arguments

has super-properties
process-data-property dp

process-data-property dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#process-data-property

process-environmental-variables dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#process-environmental-variables

has super-properties
process-data-property dp

process-identifier dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#process-identifier

has super-properties
process-data-property dp

process-security-context dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#process-security-context

has super-properties
process-data-property dp
has domain
Process c

rating dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#rating

has characteristics: functional

has super-properties
d3fend-catalog-data-property dp

stage dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#stage

has characteristics: functional

has super-properties
d3fend-catalog-data-property dp

text dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#text

has super-properties
d3fend-catalog-data-property dp

title dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#title

has super-properties
d3fend-catalog-data-property dp
has range
string

version dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#version

has characteristics: functional

has super-properties
d3fend-catalog-data-property dp, d3fend-external-control-data-property dp
has domain
Capability Implementation c or Control Catalog c
has range
integer or string

windows-registry-data-property dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#windows-registry-data-property

has super-properties
d3fend-artifact-data-property dp
has sub-properties
windows-registry-key dp, windows-registry-value dp

windows-registry-key dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#windows-registry-key

has super-properties
windows-registry-data-property dp

windows-registry-value dp

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#windows-registry-value

has super-properties
windows-registry-data-property dp

Named Individuals

.bash_profile and .bashrc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.004

has facts
modifies op User Init Configuration File
is also defined as
class

/etc/passwd and /etc/shadow ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.008

has facts
accesses op Encrypted Credential
accesses op Password File
is also defined as
class

AC-17(8) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-17_8

belongs to
NIST Control c
has facts
broader op Executable Denylisting
member-of op NIST SP 800-53 R5
control-name dp "Remote Access | Disable Nonsecure Network Protocols"

AC-2(1) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_1

belongs to
NIST Control c
has facts
broader op Account Locking
broader op Multi-factor Authentication
member-of op NIST SP 800-53 R5
control-name dp "Account Management | Automated System Account Management"

AC-2(13) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_13

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Account Locking
control-name dp "Account Management | Disable Accounts for High-risk Individuals"

AC-2(2) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_2

belongs to
NIST Control c
has facts
broader op Account Locking
member-of op NIST SP 800-53 R5
control-name dp "Account Management | Automated Temporary and Emergency Account Management"

AC-2(3) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_3

belongs to
NIST Control c
has facts
broader op Account Locking
member-of op NIST SP 800-53 R5
control-name dp "Account Management | Disable Accounts"

AC-2(4) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_4

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
related op Domain Account Monitoring
control-name dp "Account Management | Automated Audit Actions"

AC-2(5) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_5

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
related op Account Locking
control-name dp "Account Management | Inactivity Logout"

AC-2(6) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_6

belongs to
NIST Control c
has facts
broader op Mandatory Access Control
member-of op NIST SP 800-53 R5
control-name dp "Account Management | Dynamic Privilege Management"

AC-2(7) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_7

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op User Account Permissions
control-name dp "Account Management | Privileged User Accounts"

AC-2(9) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_9

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Mandatory Access Control
narrower op User Account Permissions
control-name dp "Account Management | Restrictions on Use of Shared and Group Accounts"

AC-23 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-23

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Job Function Access Pattern Analysis
narrower op Local Account Monitoring
narrower op Resource Access Pattern Analysis
narrower op User Data Transfer Analysis
control-name dp "Data Mining Protection"

AC-24 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-24

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Mandatory Access Control
control-name dp "Access Control Decisions"

AC-24(1) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-24_1

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Mandatory Access Control
narrower op User Account Permissions
control-name dp "Access Control Decisions | Transmit Access Authorization Information"

AC-24(2) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-24_2

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Mandatory Access Control
narrower op User Account Permissions
control-name dp "Access Control Decisions | No User or Process Identity"

AC-3 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-3

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Executable Allowlisting
narrower op Executable Denylisting
narrower op Mandatory Access Control
control-name dp "Access Enforcement"

AC-3(11) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-3_11

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Mandatory Access Control
control-name dp "Access Enforcement | Restrict Access to Specific Information Types"

AC-3(13) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-3_13

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Mandatory Access Control
control-name dp "Access Enforcement | Attribute-based Access Control"

AC-3(3) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-3_3

belongs to
NIST Control c
has facts
exactly op Mandatory Access Control
member-of op NIST SP 800-53 R5
control-name dp "Access Enforcement | Mandatory Access Control"

AC-3(7) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-3_7

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Mandatory Access Control
control-name dp "Access Enforcement | Role-based Access Control"

AC-3(8) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-3_8

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Mandatory Access Control
narrower op System Call Filtering
control-name dp "Access Enforcement | Revocation of Access Authorizations"

AC-4 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement"

AC-4(1) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_1

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Object Security and Privacy Attributes"

AC-4(10) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_10

belongs to
NIST Control c
has facts
broader op Inbound Traffic Filtering
broader op Outbound Traffic Filtering
member-of op NIST SP 800-53 R5
control-name dp "Information Flow Enforcement | Enable and Disable Security or Privacy Policy Filters"

AC-4(11) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_11

belongs to
NIST Control c
has facts
broader op Inbound Traffic Filtering
broader op Outbound Traffic Filtering
member-of op NIST SP 800-53 R5
control-name dp "Information Flow Enforcement | Configuration of Security or Privacy Policy Filters"

AC-4(12) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_12

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Data Type Identifiers"

AC-4(13) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_13

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Decomposition into Policy-relevant Subcomponents"

AC-4(14) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_14

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Security or Privacy Policy Filter Constraints"

AC-4(15) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_15

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Detection of Unsanctioned Information"

AC-4(17) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_17

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Domain Trust Policy
control-name dp "Information Flow Enforcement | Domain Authentication"

AC-4(19) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_19

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Validation of Metadata"

AC-4(20) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_20

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Approved Solutions"

AC-4(21) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_21

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Physical or Logical Separation of Information Flows"

AC-4(26) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_26

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op File Content Rules
control-name dp "Information Flow Enforcement | Audit Filtering Actions"

AC-4(27) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_27

belongs to
NIST Control c
has facts
exactly op Inbound Traffic Filtering
exactly op Outbound Traffic Filtering
member-of op NIST SP 800-53 R5
control-name dp "Information Flow Enforcement | Redundant/independent Filtering Mechanisms"

AC-4(28) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_28

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Linear Filter Pipelines"

AC-4(29) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_29

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Filter Orchestration Engines"

AC-4(3) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_3

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Dynamic Information Flow Control"

AC-4(30) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_30

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Filter Mechanisms Using Multiple Processes"

AC-4(32) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_32

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Process Requirements for Information Transfer"

AC-4(4) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_4

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Flow Control of Encrypted Information"

AC-4(5) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_5

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Embedded Data Types"

AC-4(6) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_6

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Metadata"

AC-4(8) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_8

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
control-name dp "Information Flow Enforcement | Security and Privacy Policy Filters"

AC-5 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-5

belongs to
NIST Control c
has facts
broader op Local File Permissions
broader op Mandatory Access Control
broader op User Account Permissions
member-of op NIST SP 800-53 R5
control-name dp "Separation of Duties"

AC-6 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-6

belongs to
NIST Control c
has facts
broader op Local File Permissions
broader op Mandatory Access Control
broader op User Account Permissions
member-of op NIST SP 800-53 R5
control-name dp "Least Privilege"

AC-6(1) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-6_1

belongs to
NIST Control c
has facts
exactly op System Configuration Permissions
member-of op NIST SP 800-53 R5
control-name dp "Least Privilege | Authorize Access to Security Functions"

AC-6(10) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-6_10

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Local File Permissions
narrower op Mandatory Access Control
narrower op System Configuration Permissions
control-name dp "Least Privilege | Prohibit Non-privileged Users from Executing Privileged Functions"

AC-6(3) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-6_3

belongs to
NIST Control c
has facts
exactly op System Configuration Permissions
member-of op NIST SP 800-53 R5
control-name dp "Least Privilege | Network Access to Privileged Commands"

AC-6(4) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-6_4

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Hardware-based Process Isolation
control-name dp "Least Privilege | Separate Processing Domains"

AC-6(5) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-6_5

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Local File Permissions
narrower op Mandatory Access Control
narrower op System Configuration Permissions
control-name dp "Least Privilege | Privileged Accounts"

AC-6(6) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-6_6

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Local File Permissions
narrower op Mandatory Access Control
narrower op System Configuration Permissions
control-name dp "Least Privilege | Privileged Access by Non-organizational Users"

AC-6(9) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-6_9

belongs to
NIST Control c
has facts
broader op Local Account Monitoring
broader op User Behavior Analysis
member-of op NIST SP 800-53 R5
control-name dp "Least Privilege | Log Use of Privileged Functions"

AC-7 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-7

belongs to
NIST Control c
has facts
exactly op Account Locking
member-of op NIST SP 800-53 R5
control-name dp "Unsuccessful Logon Attempts"

AC-7(3) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-7_3

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Account Locking
control-name dp "Unsuccessful Logon Attempts | Biometric Attempt Limiting"

AC-7(4) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-7_4

belongs to
NIST Control c
has facts
broader op Account Locking
member-of op NIST SP 800-53 R5
control-name dp "Unsuccessful Logon Attempts | Use of Alternate Authentication Factor"

Access Modeling ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AccessModeling

belongs to
Operational Activity Mapping c
has facts
kb-reference op Reference - RFC 7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements
maps op Access Control Configuration
maps op User Account
d3fend-id dp "D3-AM"
is also defined as
class

Accessibility Features ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.008

has facts
may-create op Intranet Administrative Network Traffic
may-modify op Executable Binary
may-modify op System Configuration Database Record
is also defined as
class

Account Access Removal ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1531

has facts
modifies op User Account
is also defined as
class

Account Locking ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AccountLocking

belongs to
Credential Eviction c
has facts
disables op User Account
kb-reference op Reference - Account monitoring - Forescout Technologies
kb-reference op Reference - Framework for notifying a directory service of authentication events processed outside the directory service - Oracle International Corp
date created dp "2020-08-05T00:00:00"^^date time
d3fend-id dp "D3-AL"
is also defined as
class

Account Manipulation ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098

has facts
modifies op User Account
is also defined as
class

Account Use Policies ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1036

belongs to
ATTACK Mitigation c
has facts
related op Account Locking
related op Authentication Cache Invalidation
related op Authentication Event Thresholding
d3fend-comment dp "D3-AZET may be related (is potentially related though not called out in ATT&CK definition.)"

Active Certificate Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ActiveCertificateAnalysis

belongs to
Active Certificate Analysis c
Certificate Analysis c
has facts
kb-reference op Reference - Securing Web Transactions
date created dp "2020-08-05T00:00:00"^^date time
d3fend-id dp "D3-ACA"
is also defined as
class

Active Directory Configuration ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1015

belongs to
ATTACK Mitigation c
has facts
related op Authentication Cache Invalidation
related op Domain Trust Policy
related op User Account Permissions
d3fend-comment dp "M1015 scope is broad, touches on an wide variety of techniques in D3FEND."

Active Logical Link Mapping ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ActiveLogicalLinkMapping

belongs to
Logical Link Mapping c
has facts
kb-reference op Reference - Identification of traceroute nodes and associated devices
kb-reference op Reference - SNMP - Network Auto-Discovery
may-query op Network Agent
d3fend-id dp "D3-ALLM"
is also defined as
class

Active Physical Link Mapping ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ActivePhysicalLinkMapping

belongs to
Physical Link Mapping c
is disjoint with
Passive Physical Link Mapping
has facts
kb-reference op Reference - Identification of traceroute nodes and associated devices
kb-reference op Reference - Using spanning tree protocol (STP) to enhance layer-2 topology maps
may-query op Network Agent
d3fend-id dp "D3-APLM"
is also defined as
class

Add Office 365 Global Administrator Role ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.003

has facts
modifies op Global User Account
is also defined as
class

Add-ins ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.006

has facts
adds op Software
may-modify op System Configuration Database
modifies op Office Application
is also defined as
class

Additional Azure Service Principal Credentials ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.001

has facts
creates op Credential
produces op Intranet Administrative Network Traffic
is also defined as
class

Administrative Network Activity Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AdministrativeNetworkActivityAnalysis

belongs to
Network Traffic Analysis c
has facts
analyzes op Intranet Administrative Network Traffic
kb-reference op Reference - Method and system for detecting suspicious administrative activity - Vectra Networks Inc
kb-reference op Reference - CAR-2014-11-005: Remote Registry - MITRE
kb-reference op Reference - CAR-2014-11-006: Windows Remote Management (WinRM) - MITRE
date created dp "2020-08-05T00:00:00"^^date time
d3fend-id dp "D3-ANAA"
is also defined as
class

Adobe PDF File 1.3 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AdobePDFFile1.3

belongs to
Document File c
has facts
may-contain op Javascript File

Allocate Memory ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AllocateMemory

has facts
creates op Memory Block
is also defined as
class

AMD64 Code Segment ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AMD64CodeSegment

belongs to
Image Code Segment c
Process Code Segment c

Antivirus/Antimalware ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1049

belongs to
ATTACK Mitigation c
has facts
related op File Content Rules
related op File Hashing
related op Process Analysis
d3fend-comment dp "Process Analysis and subclasses."

AppCert DLLs ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.009

has facts
invokes op Create Process
loads op Shared Library File
modifies op System Configuration Database Record
is also defined as
class

AppInit DLLs ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.010

has facts
invokes op Create Process
loads op Shared Library File
modifies op System Configuration Database Record
is also defined as
class

Application ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Application

has facts
may-contain op Application Configuration
is also defined as
class

Application Access Token ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.001

has facts
may-produce op Network Traffic
uses op Access Token
is also defined as
class

Application Configuration Database ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationConfigurationDatabase

has facts
contains op Application Configuration Database Record
is also defined as
class

Application Configuration File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationConfigurationFile

has facts
contains op Application Configuration
is also defined as
class

Application Configuration Hardening ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationConfigurationHardening

belongs to
Application Hardening c
has facts
hardens op Application Configuration
kb-reference op Reference - Red Hat Enterprise Linux 8 Security Technical Implementation Guide
kb-reference op Reference - Windows 10 STIG
d3fend-id dp "D3-ACH"
is also defined as
class

Application Developer Guidance ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1013

belongs to
ATTACK Mitigation c
has facts
d3fend-comment dp "A future release of D3FEND will define a taxonomy of Source Code Hardening Techniques."

Application Hardening ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationHardening

belongs to
Defensive Technique c
has facts
enables op Harden
d3fend-id dp "D3-AH"
is also defined as
class

Application Inventory Sensor ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationInventorySensor

has facts
monitors op Application
is also defined as
class

Application Isolation and Sandboxing ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1048

belongs to
ATTACK Mitigation c
has facts
related op Dynamic Analysis
related op Hardware-based Process Isolation
related op Mandatory Access Control
related op System Call Filtering
d3fend-comment dp ""Sandboxing" is often used to describe a detection environment which includes some forms of analysis (see D3-DA.)" Many forms of isolation (e.g., quarantining) are more static in nature and simply limit software's access to system resources."

Application Layer Protocol ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071

has facts
may-transfer op Certificate File
produces op Outbound Internet Network Traffic
is also defined as
class

Application Process ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationProcess

has facts
runs op Application
is also defined as
class

Application Shimming ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.011

has facts
creates op Shim
modifies op Shim Database
is also defined as
class

Application Window Discovery ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1010

has facts
may-invoke op Create Process
may-invoke op Get Open Windows
is also defined as
class

Archive Collected Data ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1560

has facts
creates op Archive File
is also defined as
class

Archive via Custom Method ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1560.003

has facts
creates op Custom Archive File
is also defined as
class

Archive via Library ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1560.002

has facts
creates op Archive File
is also defined as
class

Archive via Utility ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1560.001

has facts
creates op Archive File
is also defined as
class

ARM32 Code Segmentni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ARM32CodeSegment

belongs to
Image Code Segment c
Process Code Segment c

ASCII Domain Nameni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ASCIIDomainName

belongs to
Domain Name c

Asset Inventoryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AssetInventory

belongs to
Defensive Technique c
has facts
enables op Model
d3fend-id dp "D3-AI"
is also defined as
class

Asset Vulnerability Enumerationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AssetVulnerabilityEnumeration

belongs to
Asset Inventory c
has facts
evaluates op Digital Artifact
identifies op vulnerability
kb-reference op Reference - Automated computer vulnerability resolution system
kb-reference op Reference - Security vulnerability information aggregation
kb-reference op Reference - System and method for vulnerability risk analysis
d3fend-id dp "D3-AVE"
is also defined as
class

Asymmetric Cryptographyni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1573.002

has facts
creates op Outbound Internet Encrypted Traffic
may-transfer op Certificate File
is also defined as
class

Asynchronous Procedure Callni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.004

has facts
may-invoke op Create Process
is also defined as
class

AU-10(5)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AU-10_5

belongs to
NIST Control c
has facts
broader op Driver Load Integrity Checking
member-of op NIST SP 800-53 R5
control-name dp "Non-repudiation | Digital Signatures"

AU-14(2)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AU-14_2

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Local Account Monitoring
control-name dp "Session Audit | Capture and Record Content"

AU-15ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AU-15

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Local Account Monitoring
control-name dp "Alternate Audit Logging Capability"

AU-2ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AU-2

belongs to
NIST Control c
has facts
exactly op Local Account Monitoring
member-of op NIST SP 800-53 R5
control-name dp "Event Logging"

AU-2(1)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AU-2_1

belongs to
NIST Control c
has facts
exactly op Local Account Monitoring
member-of op NIST SP 800-53 R5
control-name dp "Event Logging | Compilation of Audit Records from Multiple Sources"

AU-2(2)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AU-2_2

belongs to
NIST Control c
has facts
exactly op Local Account Monitoring
member-of op NIST SP 800-53 R5
control-name dp "Event Logging | Selection of Audit Events by Component"

AU-3ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AU-3

belongs to
NIST Control c
has facts
exactly op Local Account Monitoring
member-of op NIST SP 800-53 R5
control-name dp "Content of Audit Records"

AU-4ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AU-4

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Local Account Monitoring
control-name dp "Audit Log Storage Capacity"

Audio Captureni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1123

has facts
accesses op Audio Input Device
is also defined as
class

Auditni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1047

belongs to
ATTACK Mitigation c
has facts
related op Domain Account Monitoring
related op Local Account Monitoring
related op System File Analysis
d3fend-comment dp "M1047 scope is broad, touches on a wide variety of techniques in d3fend."

Authenticate Userni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticateUser

has facts
authenticates op User Account
is also defined as
class

Authenticationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Authentication

belongs to
Authentication c
has facts
authenticates op User
may-create op Intranet Network Traffic
originates-from op Physical Location
is also defined as
class

Authentication Cache Invalidationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationCacheInvalidation

belongs to
Credential Eviction c
has facts
deletes op Credential
kb-reference op Reference - Secure caching of server credentials - Dell Products LP
kb-reference op Reference - System and method for providing an actively invalidated client-side network resource cache - IMVU
d3fend-id dp "D3-ANCI"
is also defined as
class

Authentication Event Thresholdingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationEventThresholding

belongs to
User Behavior Analysis c
has facts
analyzes op Authentication
kb-reference op Reference - Method and Apparatus for Network Fraud Detection and Remediation Through Analytics - Idaptive LLC
kb-reference op Reference - CAR-2013-02-008: Simultaneous Logins on a Host - MITRE
kb-reference op Reference - CAR-2013-02-012: User Logged in to Multiple Hosts - MITRE
kb-reference op Reference - CAR-2013-10-001: User Login Activity Monitoring - MITRE
kb-reference op Reference - System, method, and computer program product for detecting and assessing security risks in a network - Exabeam Inc
date created dp "2020-08-05T00:00:00"^^date time
d3fend-id dp "D3-ANET"
is also defined as
class

Authentication Functionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationFunction

has facts
authenticates op User Account
is also defined as
class

Authentication Logni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationLog

has facts
records op Authentication
is also defined as
class

Authentication Packageni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.002

has facts
modifies op System Configuration Database Record
is also defined as
class

Authorizationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Authorization

has facts
authorizes op Network Resource Access
is also defined as
class

Authorization Event Thresholdingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthorizationEventThresholding

belongs to
User Behavior Analysis c
has facts
analyzes op Authorization
kb-reference op Reference - Method and Apparatus for Network Fraud Detection and Remediation Through Analytics - Idaptive LLC
kb-reference op Reference - CAR-2013-09-003: SMB Session Setups - MITRE
kb-reference op Reference - CAR-2013-02-012: User Logged in to Multiple Hosts - MITRE
kb-reference op Reference - System, method, and computer program product for detecting and assessing security risks in a network - Exabeam Inc
date created dp "2020-08-05T00:00:00"^^date time
d3fend-id dp "D3-AZET"
is also defined as
class

Authorization Logni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthorizationLog

has facts
records op Network Resource Access
is also defined as
class

Automated Collectionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1119

has facts
accesses op File
is also defined as
class

Automated Exfiltrationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1020

has facts
produces op Internet Network Traffic
is also defined as
class

Bash Historyni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.003

has facts
accesses op Command History Log File
is also defined as
class

Bash Script Fileni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BashScriptFile

belongs to
Executable Script c

Behavior Prevention on Endpointni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1040

belongs to
ATTACK Mitigation c
has facts
related op Authentication Event Thresholding
related op Authorization Event Thresholding
related op Job Function Access Pattern Analysis
related op Resource Access Pattern Analysis
related op Session Duration Analysis
related op User Data Transfer Analysis
related op User Geolocation Logon Pattern Analysis
related op Web Session Activity Analysis

Binary Paddingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.001

has facts
modifies op Executable Binary
is also defined as
class

Biometric Authenticationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BiometricAuthentication

belongs to
Credential Hardening c
has facts
authenticates op User Account
kb-reference op Biometric Authentication
kb-reference op Reference - Tokenless biometric transaction authorization method and system
kb-reference op Reference - http://www.biometric-solutions.com/keystroke-dynamics.html - biometric-solutions.com
d3fend-id dp "D3-BAN"
is also defined as
class

BITS Jobsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1197

has facts
may-produce op Intranet IPC Network Traffic
may-produce op Intranet Web Network Traffic
may-produce op Outbound Internet Web Traffic
is also defined as
class

Block Deviceni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BlockDevice

has facts
contains op Boot Sector
contains op Partition
contains op Partition Table
may-contain op Volume
is also defined as
class

Bookni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Book

belongs to
Reference Type c

Boot Integrityni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1046

belongs to
ATTACK Mitigation c
has facts
related op Bootloader Authentication
related op TPM Boot Integrity

Bootkitni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542.003

has facts
may-modify op Boot Loader
may-modify op Boot Sector
may-modify op Volume Boot Record
is also defined as
class

Bootloader Authenticationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BootloaderAuthentication

belongs to
Platform Hardening c
has facts
authenticates op Boot Loader
kb-reference op Reference - UEFI Platform Initialization (PI) Specification
d3fend-id dp "D3-BA"
is also defined as
class

Broadcast Domain Isolationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BroadcastDomainIsolation

belongs to
Network Isolation c
has facts
filters op Local Area Network Traffic
kb-reference op Reference - Broadcast isolation and level 3 network switch - Hewlett Packard Enterprise Development LP
kb-reference op Reference - Private virtual local area network isolation - Cisco Technology Inc
d3fend-id dp "D3-BDI"
is also defined as
class

Browserni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Browser

has facts
may-contain op Browser Extension
is also defined as
class

Browser Extensionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BrowserExtension

has facts
extends op Browser
is also defined as
class

Browser Extensionsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1176

has facts
modifies op Browser Extension
is also defined as
class

BSD Processni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BSDProcess

belongs to
Process c

Bypass User Access Controlni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.002

has facts
executes op Executable File
invokes op Create Process
may-modify op System Configuration Database Record
is also defined as
class

Byte Sequence Emulationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ByteSequenceEmulation

belongs to
Network Traffic Analysis c
has facts
kb-reference op Reference - Network-Based Buffer Overflow Detection by Exploit Code Analysis - Information Security Research Centre
kb-reference op Reference - Network-level polymorphic shellcode detection using emulation
d3fend-id dp "D3-BSE"
is also defined as
class

Cached Domain Credentialsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.005

has facts
accesses op Encrypted Credential
may-modify op Log
is also defined as
class

Call Stackni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CallStack

has facts
contains op Stack Frame
is also defined as
class

CCI Catalog v2022-04-05ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCICatalog_v2022-04-05

belongs to
Control Correlation Identifier Catalog c
has facts
has-member op CCI-000015
has-member op CCI-000016
has-member op CCI-000017
has-member op CCI-000018
has-member op CCI-000020
has-member op CCI-000022
has-member op CCI-000025
has-member op CCI-000027
has-member op CCI-000029
has-member op CCI-000030
has-member op CCI-000032
has-member op CCI-000034
has-member op CCI-000035
has-member op CCI-000037
has-member op CCI-000040
has-member op CCI-000044
has-member op CCI-000047
has-member op CCI-000056
has-member op CCI-000057
has-member op CCI-000058
has-member op CCI-000060
has-member op CCI-000066
has-member op CCI-000067
has-member op CCI-000068
has-member op CCI-000071
has-member op CCI-000139
has-member op CCI-000143
has-member op CCI-000144
has-member op CCI-000162
has-member op CCI-000163
has-member op CCI-000164
has-member op CCI-000185
has-member op CCI-000186
has-member op CCI-000187
has-member op CCI-000192
has-member op CCI-000193
has-member op CCI-000194
has-member op CCI-000195
has-member op CCI-000196
has-member op CCI-000197
has-member op CCI-000198
has-member op CCI-000199
has-member op CCI-000200
has-member op CCI-000205
has-member op CCI-000213
has-member op CCI-000218
has-member op CCI-000219
has-member op CCI-000226
has-member op CCI-000346
has-member op CCI-000352
has-member op CCI-000374
has-member op CCI-000381
has-member op CCI-000382
has-member op CCI-000386
has-member op CCI-000417
has-member op CCI-000663
has-member op CCI-000764
has-member op CCI-000765
has-member op CCI-000766
has-member op CCI-000767
has-member op CCI-000768
has-member op CCI-000771
has-member op CCI-000772
has-member op CCI-000774
has-member op CCI-000776
has-member op CCI-000804
has-member op CCI-000831
has-member op CCI-000877
has-member op CCI-000880
has-member op CCI-000884
has-member op CCI-000888
has-member op CCI-001009
has-member op CCI-001019
has-member op CCI-001067
has-member op CCI-001069
has-member op CCI-001082
has-member op CCI-001083
has-member op CCI-001084
has-member op CCI-001085
has-member op CCI-001086
has-member op CCI-001087
has-member op CCI-001089
has-member op CCI-001090
has-member op CCI-001092
has-member op CCI-001094
has-member op CCI-001096
has-member op CCI-001100
has-member op CCI-001109
has-member op CCI-001111
has-member op CCI-001115
has-member op CCI-001117
has-member op CCI-001118
has-member op CCI-001124
has-member op CCI-001125
has-member op CCI-001127
has-member op CCI-001128
has-member op CCI-001133
has-member op CCI-001144
has-member op CCI-001145
has-member op CCI-001146
has-member op CCI-001147
has-member op CCI-001150
has-member op CCI-001166
has-member op CCI-001169
has-member op CCI-001170
has-member op CCI-001178
has-member op CCI-001185
has-member op CCI-001199
has-member op CCI-001200
has-member op CCI-001210
has-member op CCI-001211
has-member op CCI-001233
has-member op CCI-001237
has-member op CCI-001239
has-member op CCI-001242
has-member op CCI-001262
has-member op CCI-001297
has-member op CCI-001305
has-member op CCI-001310
has-member op CCI-001350
has-member op CCI-001352
has-member op CCI-001356
has-member op CCI-001368
has-member op CCI-001372
has-member op CCI-001373
has-member op CCI-001374
has-member op CCI-001376
has-member op CCI-001377
has-member op CCI-001399
has-member op CCI-001400
has-member op CCI-001401
has-member op CCI-001403
has-member op CCI-001404
has-member op CCI-001405
has-member op CCI-001414
has-member op CCI-001424
has-member op CCI-001425
has-member op CCI-001426
has-member op CCI-001427
has-member op CCI-001428
has-member op CCI-001436
has-member op CCI-001452
has-member op CCI-001453
has-member op CCI-001454
has-member op CCI-001493
has-member op CCI-001494
has-member op CCI-001495
has-member op CCI-001496
has-member op CCI-001499
has-member op CCI-001555
has-member op CCI-001556
has-member op CCI-001557
has-member op CCI-001574
has-member op CCI-001589
has-member op CCI-001619
has-member op CCI-001632
has-member op CCI-001662
has-member op CCI-001668
has-member op CCI-001677
has-member op CCI-001682
has-member op CCI-001683
has-member op CCI-001684
has-member op CCI-001685
has-member op CCI-001686
has-member op CCI-001695
has-member op CCI-001744
has-member op CCI-001749
has-member op CCI-001762
has-member op CCI-001764
has-member op CCI-001767
has-member op CCI-001774
has-member op CCI-001811
has-member op CCI-001812
has-member op CCI-001813
has-member op CCI-001855
has-member op CCI-001858
has-member op CCI-001936
has-member op CCI-001937
has-member op CCI-001941
has-member op CCI-001953
has-member op CCI-001954
has-member op CCI-001957
has-member op CCI-001991
has-member op CCI-002005
has-member op CCI-002009
has-member op CCI-002010
has-member op CCI-002015
has-member op CCI-002016
has-member op CCI-002041
has-member op CCI-002145
has-member op CCI-002165
has-member op CCI-002169
has-member op CCI-002178
has-member op CCI-002179
has-member op CCI-002201
has-member op CCI-002205
has-member op CCI-002207
has-member op CCI-002211
has-member op CCI-002218
has-member op CCI-002233
has-member op CCI-002235
has-member op CCI-002238
has-member op CCI-002262
has-member op CCI-002263
has-member op CCI-002264
has-member op CCI-002272
has-member op CCI-002277
has-member op CCI-002281
has-member op CCI-002282
has-member op CCI-002283
has-member op CCI-002284
has-member op CCI-002289
has-member op CCI-002290
has-member op CCI-002302
has-member op CCI-002306
has-member op CCI-002307
has-member op CCI-002308
has-member op CCI-002309
has-member op CCI-002322
has-member op CCI-002346
has-member op CCI-002347
has-member op CCI-002353
has-member op CCI-002355
has-member op CCI-002357
has-member op CCI-002358
has-member op CCI-002359
has-member op CCI-002361
has-member op CCI-002363
has-member op CCI-002364
has-member op CCI-002381
has-member op CCI-002382
has-member op CCI-002384
has-member op CCI-002385
has-member op CCI-002394
has-member op CCI-002397
has-member op CCI-002400
has-member op CCI-002403
has-member op CCI-002409
has-member op CCI-002411
has-member op CCI-002420
has-member op CCI-002421
has-member op CCI-002422
has-member op CCI-002423
has-member op CCI-002425
has-member op CCI-002426
has-member op CCI-002460
has-member op CCI-002462
has-member op CCI-002463
has-member op CCI-002464
has-member op CCI-002465
has-member op CCI-002466
has-member op CCI-002467
has-member op CCI-002468
has-member op CCI-002470
has-member op CCI-002475
has-member op CCI-002476
has-member op CCI-002530
has-member op CCI-002531
has-member op CCI-002533
has-member op CCI-002536
has-member op CCI-002546
has-member op CCI-002605
has-member op CCI-002607
has-member op CCI-002613
has-member op CCI-002614
has-member op CCI-002617
has-member op CCI-002618
has-member op CCI-002630
has-member op CCI-002631
has-member op CCI-002661
has-member op CCI-002662
has-member op CCI-002684
has-member op CCI-002688
has-member op CCI-002689
has-member op CCI-002690
has-member op CCI-002691
has-member op CCI-002710
has-member op CCI-002711
has-member op CCI-002712
has-member op CCI-002715
has-member op CCI-002716
has-member op CCI-002717
has-member op CCI-002718
has-member op CCI-002723
has-member op CCI-002724
has-member op CCI-002726
has-member op CCI-002729
has-member op CCI-002740
has-member op CCI-002743
has-member op CCI-002746
has-member op CCI-002748
has-member op CCI-002749
has-member op CCI-002771
has-member op CCI-002824
has-member op CCI-002883
has-member op CCI-002890
has-member op CCI-002891
has-member op CCI-003014
has-member op CCI-003123
archived-at dp "https://public.cyber.mil/stigs/cci/"^^anyURI
version dp "2022-04-05"

CCI-000015ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000015_v2022-04-05

belongs to
CCI Control c
has facts
broader op Account Locking
broader op Domain Account Monitoring
broader op Local Account Monitoring
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-05-13T00:00:00"^^date time

CCI-000016ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000016_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Account Locking
date published dp "2009-05-13T00:00:00"^^date time

CCI-000017ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000017_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Account Locking
date published dp "2009-05-13T00:00:00"^^date time

CCI-000018ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000018_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
exactly op Domain Account Monitoring
member-of op CCI Catalog v2022-04-05
date published dp "2009-05-13T00:00:00"^^date time

CCI-000020ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000020_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-14T00:00:00"^^date time

CCI-000022ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000022_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-05-13T00:00:00"^^date time

CCI-000025ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000025_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-14T00:00:00"^^date time

CCI-000027ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000027_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-05-13T00:00:00"^^date time

CCI-000029ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000029_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-05-13T00:00:00"^^date time

CCI-000030ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000030_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-05-13T00:00:00"^^date time

CCI-000032ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000032_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-14T00:00:00"^^date time

CCI-000034ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000034_v2022-04-05

belongs to
CCI Control c
has facts
broader op Inbound Traffic Filtering
broader op Outbound Traffic Filtering
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-05-13T00:00:00"^^date time

CCI-000035ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000035_v2022-04-05

belongs to
CCI Control c
has facts
broader op Inbound Traffic Filtering
broader op Outbound Traffic Filtering
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-14T00:00:00"^^date time

CCI-000037ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000037_v2022-04-05

belongs to
CCI Control c
has facts
broader op Local File Permissions
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-14T00:00:00"^^date time

CCI-000040ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000040_v2022-04-05

belongs to
CCI Control c
has facts
broader op Authorization Event Thresholding
broader op Local Account Monitoring
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-14T00:00:00"^^date time

CCI-000044ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000044_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Account Locking
date published dp "2009-09-14T00:00:00"^^date time

CCI-000047ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000047_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Account Locking
date published dp "2009-09-14T00:00:00"^^date time

CCI-000056ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000056_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Account Locking
date published dp "2009-09-14T00:00:00"^^date time

CCI-000057ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000057_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Account Locking
date published dp "2009-05-19T00:00:00"^^date time

CCI-000058ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000058_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Account Locking
date published dp "2009-05-19T00:00:00"^^date time

CCI-000060ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000060_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Account Locking
date published dp "2009-05-19T00:00:00"^^date time

CCI-000066ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000066_v2022-04-05

belongs to
CCI Control c
has facts
broader op Remote Terminal Session Detection
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-14T00:00:00"^^date time

CCI-000067ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000067_v2022-04-05

belongs to
CCI Control c
has facts
broader op Remote Terminal Session Detection
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-14T00:00:00"^^date time

CCI-000068ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000068_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Encrypted Tunnels
date published dp "2009-09-14T00:00:00"^^date time

CCI-000071ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000071_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Remote Terminal Session Detection
date published dp "2009-05-19T00:00:00"^^date time

CCI-000139ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000139_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op System Daemon Monitoring
date published dp "2009-09-15T00:00:00"^^date time

CCI-000143ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000143_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op System Daemon Monitoring
date published dp "2009-05-20T00:00:00"^^date time

CCI-000144ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000144_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op System Daemon Monitoring
date published dp "2009-05-20T00:00:00"^^date time

CCI-000162ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000162_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Credential Hardening
date published dp "2009-05-22T00:00:00"^^date time

CCI-000163ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000163_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Platform Hardening
narrower op System Configuration Permissions
date published dp "2009-05-22T00:00:00"^^date time

CCI-000164ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000164_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Platform Hardening
date published dp "2009-05-22T00:00:00"^^date time

CCI-000185ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000185_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Credential Hardening
date published dp "2009-09-15T00:00:00"^^date time

CCI-000186ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000186_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Credential Hardening
date published dp "2009-09-15T00:00:00"^^date time

CCI-000187ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000187_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Credential Hardening
date published dp "2009-09-15T00:00:00"^^date time

CCI-000192 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000192_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Strong Password Policy
date published dp "2009-09-15T00:00:00"^^date time

CCI-000193 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000193_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Strong Password Policy
date published dp "2009-09-15T00:00:00"^^date time

CCI-000194 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000194_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Strong Password Policy
date published dp "2009-09-15T00:00:00"^^date time

CCI-000195 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000195_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Strong Password Policy
date published dp "2009-09-15T00:00:00"^^date time

CCI-000196 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000196_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Strong Password Policy
date published dp "2009-09-15T00:00:00"^^date time

CCI-000197 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000197_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Strong Password Policy
date published dp "2009-09-15T00:00:00"^^date time

CCI-000198 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000198_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Strong Password Policy
date published dp "2009-09-15T00:00:00"^^date time

CCI-000199 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000199_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Strong Password Policy
date published dp "2009-09-15T00:00:00"^^date time

CCI-000200 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000200_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Strong Password Policy
date published dp "2009-05-22T00:00:00"^^date time

CCI-000205 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000205_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Strong Password Policy
date published dp "2009-05-22T00:00:00"^^date time

CCI-000213 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000213_v2022-04-05

belongs to
CCI Control c
has facts
broader op Biometric Authentication
broader op Certificate-based Authentication
broader op Multi-factor Authentication
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-14T00:00:00"^^date time

CCI-000218 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000218_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-14T00:00:00"^^date time

CCI-000219 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000219_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-14T00:00:00"^^date time

CCI-000226 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000226_v2022-04-05

belongs to
CCI Control c
has facts
broader op Execution Isolation
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-14T00:00:00"^^date time

CCI-000346 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000346_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Local File Permissions
narrower op Mandatory Access Control
narrower op User Account Permissions
date published dp "2009-09-18T00:00:00"^^date time

CCI-000352 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000352_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Executable Allowlisting
narrower op Executable Denylisting
date published dp "2009-09-18T00:00:00"^^date time

CCI-000374 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000374_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Operating System Monitoring
date published dp "2009-09-18T00:00:00"^^date time

CCI-000381 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000381_v2022-04-05

belongs to
CCI Control c
has facts
broader op Platform Hardening
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-18T00:00:00"^^date time

CCI-000382 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000382_v2022-04-05

belongs to
CCI Control c
has facts
broader op Platform Hardening
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-18T00:00:00"^^date time

CCI-000386 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000386_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
exactly op Executable Denylisting
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-18T00:00:00"^^date time

CCI-000417 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000417_v2022-04-05

belongs to
CCI Control c
has facts
broader op Execution Isolation
broader op Network Isolation
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-18T00:00:00"^^date time

CCI-000663 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000663_v2022-04-05

belongs to
CCI Control c
has facts
broader op Execution Isolation
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-21T00:00:00"^^date time

CCI-000764 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000764_v2022-04-05

belongs to
CCI Control c
has facts
broader op Biometric Authentication
broader op Certificate-based Authentication
broader op Multi-factor Authentication
broader op One-time Password
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-17T00:00:00"^^date time

CCI-000765 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000765_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Multi-factor Authentication
date published dp "2009-09-17T00:00:00"^^date time

CCI-000766 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000766_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Multi-factor Authentication
date published dp "2009-09-17T00:00:00"^^date time

CCI-000767 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000767_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Multi-factor Authentication
date published dp "2009-09-17T00:00:00"^^date time

CCI-000768 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000768_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Multi-factor Authentication
date published dp "2009-09-17T00:00:00"^^date time

CCI-000771 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000771_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Multi-factor Authentication
date published dp "2009-09-17T00:00:00"^^date time

CCI-000772 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000772_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Multi-factor Authentication
date published dp "2009-09-17T00:00:00"^^date time

CCI-000774 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000774_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op One-time Password
date published dp "2009-09-17T00:00:00"^^date time

CCI-000776 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000776_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op One-time Password
date published dp "2009-09-17T00:00:00"^^date time

CCI-000804 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000804_v2022-04-05

belongs to
CCI Control c
has facts
broader op Biometric Authentication
broader op Certificate-based Authentication
broader op Multi-factor Authentication
broader op One-time Password
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-17T00:00:00"^^date time

CCI-000831 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000831_v2022-04-05

belongs to
CCI Control c
has facts
broader op Credential Eviction
broader op Process Eviction
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-18T00:00:00"^^date time

CCI-000877 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000877_v2022-04-05

belongs to
CCI Control c
has facts
broader op Biometric Authentication
broader op Certificate-based Authentication
broader op Multi-factor Authentication
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-18T00:00:00"^^date time

CCI-000880 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000880_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Operating System Monitoring
date published dp "2009-09-18T00:00:00"^^date time

CCI-000884 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000884_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Credential Hardening
date published dp "2009-09-18T00:00:00"^^date time

CCI-000888 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000888_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Encrypted Tunnels
date published dp "2009-09-18T00:00:00"^^date time

CCI-001009 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001009_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op File Encryption
date published dp "2009-09-21T00:00:00"^^date time

CCI-001019 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001019_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Disk Encryption
narrower op File Encryption
date published dp "2009-09-21T00:00:00"^^date time

CCI-001067 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001067_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Platform Hardening
date published dp "2009-09-21T00:00:00"^^date time

CCI-001069 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001069_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Executable Allowlisting
narrower op Executable Denylisting
date published dp "2009-09-21T00:00:00"^^date time

CCI-001082 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001082_v2022-04-05

belongs to
CCI Control c
has facts
broader op Local File Permissions
broader op Mandatory Access Control
broader op System Configuration Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-21T00:00:00"^^date time

CCI-001083 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001083_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Local File Permissions
narrower op Mandatory Access Control
narrower op System Configuration Permissions
date published dp "2009-09-21T00:00:00"^^date time

CCI-001084 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001084_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op System Configuration Permissions
date published dp "2009-09-21T00:00:00"^^date time

CCI-001085 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001085_v2022-04-05

belongs to
CCI Control c
has facts
broader op Hardware-based Process Isolation
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-21T00:00:00"^^date time

CCI-001086 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001086_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op System Configuration Permissions
date published dp "2009-09-21T00:00:00"^^date time

CCI-001087 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001087_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op System Configuration Permissions
date published dp "2009-09-21T00:00:00"^^date time

CCI-001089 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001089_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op System Configuration Permissions
date published dp "2009-09-21T00:00:00"^^date time

CCI-001090 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001090_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Network Traffic Filtering
date published dp "2009-09-21T00:00:00"^^date time

CCI-001092 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001092_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-21T00:00:00"^^date time

CCI-001094 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001094_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-21T00:00:00"^^date time

CCI-001096 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001096_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Local File Permissions
narrower op System Configuration Permissions
date published dp "2009-09-21T00:00:00"^^date time

CCI-001100 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001100_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Mandatory Access Control
date published dp "2009-09-21T00:00:00"^^date time

CCI-001109 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001109_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
exactly op Inbound Traffic Filtering
exactly op Outbound Traffic Filtering
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-21T00:00:00"^^date time

CCI-001111 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001111_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-21T00:00:00"^^date time

CCI-001115 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001115_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-21T00:00:00"^^date time

CCI-001117 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001117_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-21T00:00:00"^^date time

CCI-001118 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001118_v2022-04-05

belongs to
CCI Control c
has facts
broader op Network Isolation
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-21T00:00:00"^^date time

CCI-001124 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001124_v2022-04-05

belongs to
CCI Control c
has facts
broader op Broadcast Domain Isolation
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-21T00:00:00"^^date time

CCI-001125 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001125_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-21T00:00:00"^^date time

CCI-001127 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001127_v2022-04-05

belongs to
CCI Control c
has facts
broader op Encrypted Tunnels
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-21T00:00:00"^^date time

CCI-001128 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001128_v2022-04-05

belongs to
CCI Control c
has facts
broader op Encrypted Tunnels
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-21T00:00:00"^^date time

CCI-001133 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001133_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Session Duration Analysis
date published dp "2009-09-21T00:00:00"^^date time

CCI-001144 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001144_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Disk Encryption
narrower op File Encryption
date published dp "2009-09-21T00:00:00"^^date time

CCI-001145 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001145_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Disk Encryption
narrower op File Encryption
date published dp "2009-09-21T00:00:00"^^date time

CCI-001146 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001146_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Disk Encryption
narrower op File Encryption
date published dp "2009-09-21T00:00:00"^^date time

CCI-001147 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001147_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Disk Encryption
narrower op File Encryption
date published dp "2009-09-21T00:00:00"^^date time

CCI-001150 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001150_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Remote Terminal Session Detection
date published dp "2009-09-21T00:00:00"^^date time

CCI-001166 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001166_v2022-04-05

belongs to
CCI Control c
has facts
broader op Dynamic Analysis
broader op Emulated File Analysis
broader op File Content Rules
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-21T00:00:00"^^date time

CCI-001169 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001169_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Executable Denylisting
date published dp "2009-09-21T00:00:00"^^date time

CCI-001170 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001170_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Executable Denylisting
date published dp "2009-09-21T00:00:00"^^date time

CCI-001178 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001178_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Trust Policy
date published dp "2009-09-21T00:00:00"^^date time

CCI-001185 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001185_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Authentication Cache Invalidation
date published dp "2009-09-21T00:00:00"^^date time

CCI-001199 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001199_v2022-04-05

belongs to
CCI Control c
has facts
broader op Disk Encryption
broader op File Content Rules
broader op File Encryption
broader op File Hashing
broader op Local File Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-21T00:00:00"^^date time

CCI-001200 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001200_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Disk Encryption
narrower op File Encryption
date published dp "2009-09-21T00:00:00"^^date time

CCI-001210 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001210_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Driver Load Integrity Checking
date published dp "2009-09-21T00:00:00"^^date time

CCI-001211 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001211_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Application Configuration Hardening
date published dp "2009-09-21T00:00:00"^^date time

CCI-001233 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001233_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Software Update
date published dp "2009-09-22T00:00:00"^^date time

CCI-001237 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001237_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Software Update
date published dp "2009-09-22T00:00:00"^^date time

CCI-001239 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001239_v2022-04-05

belongs to
CCI Control c
has facts
broader op File Analysis
broader op Network Traffic Analysis
broader op Platform Monitoring
broader op Process Analysis
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-22T00:00:00"^^date time

CCI-001242 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001242_v2022-04-05

belongs to
CCI Control c
has facts
broader op Dynamic Analysis
broader op Emulated File Analysis
broader op File Content Rules
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-22T00:00:00"^^date time

CCI-001262 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001262_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-22T00:00:00"^^date time

CCI-001297 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001297_v2022-04-05

belongs to
CCI Control c
has facts
broader op Driver Load Integrity Checking
broader op File Hashing
broader op Pointer Authentication
broader op TPM Boot Integrity
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-22T00:00:00"^^date time

CCI-001305 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001305_v2022-04-05

belongs to
CCI Control c
has facts
broader op Message Authentication
broader op Sender MTA Reputation Analysis
broader op Sender Reputation Analysis
broader op Transfer Agent Authentication
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-22T00:00:00"^^date time

CCI-001310 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001310_v2022-04-05

belongs to
CCI Control c
has facts
broader op Database Query String Analysis
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-22T00:00:00"^^date time

CCI-001350 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001350_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op File Encryption
date published dp "2009-09-22T00:00:00"^^date time

CCI-001352 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001352_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Mandatory Access Control
date published dp "2009-09-22T00:00:00"^^date time

CCI-001356 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001356_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
exactly op Authentication Event Thresholding
exactly op Authorization Event Thresholding
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-22T00:00:00"^^date time

CCI-001368 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001368_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-22T00:00:00"^^date time

CCI-001372 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001372_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-22T00:00:00"^^date time

CCI-001373 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001373_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-22T00:00:00"^^date time

CCI-001374 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001374_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-22T00:00:00"^^date time

CCI-001376 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001376_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Trust Policy
date published dp "2009-09-22T00:00:00"^^date time

CCI-001377 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001377_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Trust Policy
date published dp "2009-09-22T00:00:00"^^date time

CCI-001399 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001399_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-22T00:00:00"^^date time

CCI-001400 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001400_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-22T00:00:00"^^date time

CCI-001401 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001401_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-22T00:00:00"^^date time

CCI-001403 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001403_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
exactly op Domain Account Monitoring
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-24T00:00:00"^^date time

CCI-001404 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001404_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
exactly op Domain Account Monitoring
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-24T00:00:00"^^date time

CCI-001405 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001405_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
exactly op Domain Account Monitoring
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-24T00:00:00"^^date time

CCI-001414 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001414_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-24T00:00:00"^^date time

CCI-001424 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001424_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-25T00:00:00"^^date time

CCI-001425 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001425_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-25T00:00:00"^^date time

CCI-001426 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001426_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-25T00:00:00"^^date time

CCI-001427 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001427_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-25T00:00:00"^^date time

CCI-001428 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001428_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-25T00:00:00"^^date time

CCI-001436 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001436_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2009-09-25T00:00:00"^^date time

CCI-001452 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001452_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Account Locking
date published dp "2009-05-25T00:00:00"^^date time

CCI-001453 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001453_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
exactly op Encrypted Tunnels
member-of op CCI Catalog v2022-04-05
date published dp "2009-09-29T00:00:00"^^date time

CCI-001454 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001454_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Remote Terminal Session Detection
date published dp "2009-09-29T00:00:00"^^date time

CCI-001493 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001493_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Mandatory Access Control
date published dp "2009-09-29T00:00:00"^^date time

CCI-001494 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001494_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Platform Hardening
narrower op System Configuration Permissions
date published dp "2009-09-29T00:00:00"^^date time

CCI-001495 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001495_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Platform Hardening
date published dp "2009-09-29T00:00:00"^^date time

CCI-001496 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001496_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op File Encryption
date published dp "2009-09-29T00:00:00"^^date time

CCI-001499 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001499_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op System Configuration Permissions
narrower op User Account Permissions
date published dp "2009-09-29T00:00:00"^^date time

CCI-001555 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001555_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Trust Policy
date published dp "2010-05-11T00:00:00"^^date time

CCI-001556 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001556_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Trust Policy
date published dp "2010-05-11T00:00:00"^^date time

CCI-001557 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001557_v2022-04-05

belongs to
CCI Control c
has facts
broader op Network Traffic Analysis
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2010-05-11T00:00:00"^^date time

CCI-001574 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001574_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2010-05-11T00:00:00"^^date time

CCI-001589 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001589_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Operating System Monitoring
date published dp "2010-05-12T00:00:00"^^date time

CCI-001619 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001619_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Strong Password Policy
date published dp "2010-05-12T00:00:00"^^date time

CCI-001632 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001632_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
exactly op Encrypted Tunnels
member-of op CCI Catalog v2022-04-05
date published dp "2010-05-12T00:00:00"^^date time

CCI-001662 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001662_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Dynamic Analysis
narrower op Emulated File Analysis
narrower op File Content Rules
date published dp "2010-05-12T00:00:00"^^date time

CCI-001668 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001668_v2022-04-05

belongs to
CCI Control c
has facts
broader op File Analysis
broader op Network Traffic Analysis
broader op Platform Monitoring
broader op Process Analysis
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2010-05-12T00:00:00"^^date time

CCI-001677 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001677_v2022-04-05

belongs to
CCI Control c
has facts
broader op Message Authentication
broader op Sender MTA Reputation Analysis
broader op Sender Reputation Analysis
broader op Transfer Agent Authentication
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2010-05-12T00:00:00"^^date time

CCI-001682 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001682_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Account Locking
date published dp "2011-05-03T00:00:00"^^date time

CCI-001683 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001683_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Account Monitoring
date published dp "2011-05-03T00:00:00"^^date time

CCI-001684 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001684_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Account Monitoring
date published dp "2011-05-03T00:00:00"^^date time

CCI-001685 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001685_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Account Monitoring
date published dp "2011-05-03T00:00:00"^^date time

CCI-001686 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001686_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Account Monitoring
date published dp "2011-05-03T00:00:00"^^date time

CCI-001695 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001695_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Executable Denylisting
date published dp "2011-10-07T00:00:00"^^date time

CCI-001744 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001744_v2022-04-05

belongs to
CCI Control c
has facts
broader op Operating System Monitoring
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-02-28T00:00:00"^^date time

CCI-001749 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001749_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Executable Allowlisting
narrower op Executable Denylisting
date published dp "2013-02-28T00:00:00"^^date time

CCI-001762 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001762_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op System Configuration Permissions
date published dp "2013-02-28T00:00:00"^^date time

CCI-001764 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001764_v2022-04-05

belongs to
CCI Control c
has facts
broader op Executable Allowlisting
broader op Executable Denylisting
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-02-28T00:00:00"^^date time

CCI-001767 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001767_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Executable Denylisting
date published dp "2013-02-28T00:00:00"^^date time

CCI-001774 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001774_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Executable Allowlisting
date published dp "2013-02-28T00:00:00"^^date time

CCI-001811 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001811_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op File Analysis
date published dp "2013-03-01T00:00:00"^^date time

CCI-001812 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001812_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Executable Allowlisting
narrower op Executable Denylisting
date published dp "2013-03-01T00:00:00"^^date time

CCI-001813 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001813_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-03-01T00:00:00"^^date time

CCI-001855 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001855_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op System Daemon Monitoring
date published dp "2013-03-14T00:00:00"^^date time

CCI-001858 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001858_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op System Daemon Monitoring
date published dp "2013-03-14T00:00:00"^^date time

CCI-001936 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001936_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Multi-factor Authentication
date published dp "2013-05-03T00:00:00"^^date time

CCI-001937 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001937_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Multi-factor Authentication
date published dp "2013-05-03T00:00:00"^^date time

CCI-001941 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001941_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op One-time Password
date published dp "2013-05-03T00:00:00"^^date time

CCI-001953 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001953_v2022-04-05

belongs to
CCI Control c
has facts
broader op Biometric Authentication
broader op Certificate-based Authentication
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-05-03T00:00:00"^^date time

CCI-001954 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001954_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Biometric Authentication
narrower op Certificate-based Authentication
date published dp "2013-05-03T00:00:00"^^date time

CCI-001957 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001957_v2022-04-05

belongs to
CCI Control c
has facts
broader op One-time Password
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-05-03T00:00:00"^^date time

CCI-001991 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001991_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Certificate-based Authentication
date published dp "2013-05-03T00:00:00"^^date time

CCI-002005 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002005_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Biometric Authentication
date published dp "2013-05-03T00:00:00"^^date time

CCI-002009 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002009_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Biometric Authentication
narrower op Certificate-based Authentication
date published dp "2013-05-03T00:00:00"^^date time

CCI-002010 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002010_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Biometric Authentication
narrower op Certificate-based Authentication
date published dp "2013-05-03T00:00:00"^^date time

CCI-002015 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002015_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Biometric Authentication
narrower op Certificate-based Authentication
date published dp "2013-05-03T00:00:00"^^date time

CCI-002016 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002016_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Biometric Authentication
narrower op Certificate-based Authentication
date published dp "2013-05-03T00:00:00"^^date time

CCI-002041 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002041_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Strong Password Policy
date published dp "2013-05-03T00:00:00"^^date time

CCI-002145 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002145_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op User Account Permissions
date published dp "2013-06-24T00:00:00"^^date time

CCI-002165 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002165_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Mandatory Access Control
date published dp "2013-06-24T00:00:00"^^date time

CCI-002169 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002169_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Mandatory Access Control
date published dp "2013-06-24T00:00:00"^^date time

CCI-002178 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002178_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Mandatory Access Control
narrower op System Call Filtering
date published dp "2013-06-24T00:00:00"^^date time

CCI-002179 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002179_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Mandatory Access Control
narrower op System Call Filtering
date published dp "2013-06-24T00:00:00"^^date time

CCI-002201 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002201_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Trust Policy
date published dp "2013-06-24T00:00:00"^^date time

CCI-002205 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002205_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Trust Policy
date published dp "2013-06-24T00:00:00"^^date time

CCI-002207 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002207_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Trust Policy
date published dp "2013-06-24T00:00:00"^^date time

CCI-002211 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002211_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2013-06-24T00:00:00"^^date time

CCI-002218 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002218_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Trust Policy
date published dp "2013-06-24T00:00:00"^^date time

CCI-002233 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002233_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Executable Denylisting
date published dp "2013-06-24T00:00:00"^^date time

CCI-002235 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002235_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Mandatory Access Control
narrower op System Configuration Permissions
date published dp "2013-06-24T00:00:00"^^date time

CCI-002238 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002238_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Account Locking
date published dp "2013-06-24T00:00:00"^^date time

CCI-002262 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002262_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-24T00:00:00"^^date time

CCI-002263 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002263_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-24T00:00:00"^^date time

CCI-002264 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002264_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-24T00:00:00"^^date time

CCI-002272 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002272_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-24T00:00:00"^^date time

CCI-002277 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002277_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-24T00:00:00"^^date time

CCI-002281 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002281_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-24T00:00:00"^^date time

CCI-002282 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002282_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-24T00:00:00"^^date time

CCI-002283 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002283_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-24T00:00:00"^^date time

CCI-002284 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002284_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-24T00:00:00"^^date time

CCI-002289 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002289_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-24T00:00:00"^^date time

CCI-002290 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002290_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-24T00:00:00"^^date time

CCI-002302 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002302_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-24T00:00:00"^^date time

CCI-002306 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002306_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op System Configuration Permissions
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-24T00:00:00"^^date time

CCI-002307 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002307_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op System Configuration Permissions
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-24T00:00:00"^^date time

CCI-002308 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002308_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op System Configuration Permissions
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-24T00:00:00"^^date time

CCI-002309 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002309_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op System Configuration Permissions
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-24T00:00:00"^^date time

CCI-002322 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002322_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Remote Terminal Session Detection
date published dp "2013-06-24T00:00:00"^^date time

CCI-002346 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002346_v2022-04-05

belongs to
CCI Control c
has facts
broader op Database Query String Analysis
broader op Disk Encryption
broader op File Encryption
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-25T00:00:00"^^date time

CCI-002347 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002347_v2022-04-05

belongs to
CCI Control c
has facts
broader op File Access Pattern Analysis
broader op Input Device Analysis
broader op Resource Access Pattern Analysis
broader op User Data Transfer Analysis
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-25T00:00:00"^^date time

CCI-002353 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002353_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-25T00:00:00"^^date time

CCI-002355 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002355_v2022-04-05

belongs to
CCI Control c
has facts
broader op Mandatory Access Control
broader op User Account Permissions
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-06-25T00:00:00"^^date time

CCI-002357 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002357_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Mandatory Access Control
narrower op User Account Permissions
date published dp "2013-06-25T00:00:00"^^date time

CCI-002358 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002358_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Mandatory Access Control
narrower op User Account Permissions
date published dp "2013-06-25T00:00:00"^^date time

CCI-002359 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002359_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Mandatory Access Control
narrower op User Account Permissions
date published dp "2013-06-25T00:00:00"^^date time

CCI-002361 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002361_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Process Termination
date published dp "2013-06-26T00:00:00"^^date time

CCI-002363 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002363_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Process Termination
date published dp "2013-06-26T00:00:00"^^date time

CCI-002364 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002364_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Process Termination
date published dp "2013-06-26T00:00:00"^^date time

CCI-002381 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002381_v2022-04-05

belongs to
CCI Control c
has facts
broader op Hardware-based Process Isolation
broader op Kernel-based Process Isolation
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-02T00:00:00"^^date time

CCI-002382 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002382_v2022-04-05

belongs to
CCI Control c
has facts
broader op Hardware-based Process Isolation
broader op Kernel-based Process Isolation
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-02T00:00:00"^^date time

CCI-002384 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002384_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Network Traffic Filtering
date published dp "2013-07-02T00:00:00"^^date time

CCI-002385 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002385_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2013-07-02T00:00:00"^^date time

CCI-002394 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002394_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op System Configuration Permissions
date published dp "2013-07-02T00:00:00"^^date time

CCI-002397 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002397_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2013-07-02T00:00:00"^^date time

CCI-002400 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002400_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Outbound Traffic Filtering
date published dp "2013-07-02T00:00:00"^^date time

CCI-002403 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002403_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2013-07-02T00:00:00"^^date time

CCI-002409 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002409_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
narrower op Outbound Traffic Filtering
date published dp "2013-07-02T00:00:00"^^date time

CCI-002411 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002411_v2022-04-05

belongs to
CCI Control c
has facts
broader op Hardware-based Process Isolation
broader op IO Port Restriction
broader op Kernel-based Process Isolation
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-02T00:00:00"^^date time

CCI-002420 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002420_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Encrypted Tunnels
date published dp "2013-07-02T00:00:00"^^date time

CCI-002421 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002421_v2022-04-05

belongs to
CCI Control c
has facts
broader op Encrypted Tunnels
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-02T00:00:00"^^date time

CCI-002422 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002422_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Encrypted Tunnels
date published dp "2013-07-02T00:00:00"^^date time

CCI-002423 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002423_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Encrypted Tunnels
date published dp "2013-07-02T00:00:00"^^date time

CCI-002425 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002425_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Encrypted Tunnels
date published dp "2013-07-02T00:00:00"^^date time

CCI-002426 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002426_v2022-04-05

belongs to
CCI Control c
has facts
broader op Encrypted Tunnels
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-02T00:00:00"^^date time

CCI-002460 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002460_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Executable Denylisting
date published dp "2013-07-02T00:00:00"^^date time

CCI-002462 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002462_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Trust Policy
date published dp "2013-07-02T00:00:00"^^date time

CCI-002463 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002463_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Trust Policy
date published dp "2013-07-02T00:00:00"^^date time

CCI-002464 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002464_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Trust Policy
date published dp "2013-07-02T00:00:00"^^date time

CCI-002465 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002465_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Trust Policy
date published dp "2013-07-02T00:00:00"^^date time

CCI-002466 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002466_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Domain Trust Policy
date published dp "2013-07-02T00:00:00"^^date time

CCI-002467 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002467_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op DNS Traffic Analysis
date published dp "2013-07-02T00:00:00"^^date time

CCI-002468 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002468_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op DNS Traffic Analysis
date published dp "2013-07-02T00:00:00"^^date time

CCI-002470 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002470_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Certificate-based Authentication
narrower op Certificate Pinning
date published dp "2013-07-02T00:00:00"^^date time

CCI-002475 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002475_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Disk Encryption
narrower op File Encryption
date published dp "2013-07-02T00:00:00"^^date time

CCI-002476 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002476_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Disk Encryption
narrower op File Encryption
date published dp "2013-07-02T00:00:00"^^date time

CCI-002530 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002530_v2022-04-05

belongs to
CCI Control c
has facts
broader op Hardware-based Process Isolation
broader op Kernel-based Process Isolation
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-02T00:00:00"^^date time

CCI-002531 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002531_v2022-04-05

belongs to
CCI Control c
has facts
broader op Hardware-based Process Isolation
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-02T00:00:00"^^date time

CCI-002533 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002533_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Kernel-based Process Isolation
date published dp "2013-07-02T00:00:00"^^date time

CCI-002536 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002536_v2022-04-05

belongs to
CCI Control c
has facts
broader op RF Shielding
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-02T00:00:00"^^date time

CCI-002546 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002546_v2022-04-05

belongs to
CCI Control c
has facts
broader op IO Port Restriction
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-02T00:00:00"^^date time

CCI-002605 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002605_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Software Update
date published dp "2013-07-11T00:00:00"^^date time

CCI-002607 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002607_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Software Update
date published dp "2013-07-11T00:00:00"^^date time

CCI-002613 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002613_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Software Update
date published dp "2013-07-11T00:00:00"^^date time

CCI-002614 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002614_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Software Update
date published dp "2013-07-11T00:00:00"^^date time

CCI-002617 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002617_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Software Update
date published dp "2013-07-11T00:00:00"^^date time

CCI-002618 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002618_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Software Update
date published dp "2013-07-11T00:00:00"^^date time

CCI-002630 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002630_v2022-04-05

belongs to
CCI Control c
has facts
broader op Script Execution Analysis
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-11T00:00:00"^^date time

CCI-002631 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002631_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Script Execution Analysis
date published dp "2013-07-11T00:00:00"^^date time

CCI-002661 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002661_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Inbound Traffic Filtering
date published dp "2013-07-11T00:00:00"^^date time

CCI-002662 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002662_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Outbound Traffic Filtering
date published dp "2013-07-11T00:00:00"^^date time

CCI-002684 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002684_v2022-04-05

belongs to
CCI Control c
has facts
broader op Network Traffic Analysis
broader op Platform Monitoring
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-11T00:00:00"^^date time

CCI-002688 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002688_v2022-04-05

belongs to
CCI Control c
has facts
broader op File Content Rules
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-11T00:00:00"^^date time

CCI-002689 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002689_v2022-04-05

belongs to
CCI Control c
has facts
broader op File Content Rules
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-11T00:00:00"^^date time

CCI-002690 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002690_v2022-04-05

belongs to
CCI Control c
has facts
broader op File Content Rules
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-11T00:00:00"^^date time

CCI-002691 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002691_v2022-04-05

belongs to
CCI Control c
has facts
broader op File Content Rules
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-11T00:00:00"^^date time

CCI-002710 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002710_v2022-04-05

belongs to
CCI Control c
has facts
broader op Driver Load Integrity Checking
broader op File Hashing
broader op Pointer Authentication
broader op TPM Boot Integrity
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-11T00:00:00"^^date time

CCI-002711 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002711_v2022-04-05

belongs to
CCI Control c
has facts
broader op TPM Boot Integrity
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-11T00:00:00"^^date time

CCI-002712 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002712_v2022-04-05

belongs to
CCI Control c
has facts
broader op Driver Load Integrity Checking
broader op File Hashing
broader op Pointer Authentication
broader op TPM Boot Integrity
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-11T00:00:00"^^date time

CCI-002715 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002715_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Driver Load Integrity Checking
narrower op File Hashing
narrower op Pointer Authentication
narrower op TPM Boot Integrity
date published dp "2013-07-11T00:00:00"^^date time

CCI-002716 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002716_v2022-04-05

belongs to
CCI Control c
has facts
broader op File Hashing
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-11T00:00:00"^^date time

CCI-002717 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002717_v2022-04-05

belongs to
CCI Control c
has facts
broader op File Hashing
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-11T00:00:00"^^date time

CCI-002718 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002718_v2022-04-05

belongs to
CCI Control c
has facts
broader op File Hashing
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-11T00:00:00"^^date time

CCI-002723 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002723_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Driver Load Integrity Checking
narrower op File Hashing
narrower op Pointer Authentication
narrower op TPM Boot Integrity
date published dp "2013-07-11T00:00:00"^^date time

CCI-002724 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002724_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Driver Load Integrity Checking
narrower op File Hashing
narrower op Pointer Authentication
narrower op TPM Boot Integrity
date published dp "2013-07-11T00:00:00"^^date time

CCI-002726 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002726_v2022-04-05

belongs to
CCI Control c
has facts
broader op Driver Load Integrity Checking
broader op TPM Boot Integrity
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-11T00:00:00"^^date time

CCI-002729 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002729_v2022-04-05

belongs to
CCI Control c
has facts
broader op Driver Load Integrity Checking
broader op TPM Boot Integrity
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-11T00:00:00"^^date time

CCI-002740 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002740_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Executable Allowlisting
date published dp "2013-07-11T00:00:00"^^date time

CCI-002743 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002743_v2022-04-05

belongs to
CCI Control c
has facts
broader op Sender MTA Reputation Analysis
broader op Sender Reputation Analysis
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-11T00:00:00"^^date time

CCI-002746 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002746_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Database Query String Analysis
date published dp "2013-07-11T00:00:00"^^date time

CCI-002748 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002748_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Database Query String Analysis
date published dp "2013-07-11T00:00:00"^^date time

CCI-002749 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002749_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Database Query String Analysis
date published dp "2013-07-11T00:00:00"^^date time

CCI-002771 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002771_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Outbound Traffic Filtering
date published dp "2013-07-11T00:00:00"^^date time

CCI-002824 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002824_v2022-04-05

belongs to
CCI Control c
has facts
broader op Dead Code Elimination
broader op Process Segment Execution Prevention
broader op Segment Address Offset Randomization
broader op Stack Frame Canary Validation
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
date published dp "2013-07-12T00:00:00"^^date time

CCI-002883 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002883_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op User Account Permissions
date published dp "2013-07-22T00:00:00"^^date time

CCI-002890 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002890_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Encrypted Tunnels
date published dp "2013-07-22T00:00:00"^^date time

CCI-002891 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002891_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Remote Terminal Session Detection
date published dp "2013-07-22T00:00:00"^^date time

CCI-003014 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-003014_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
exactly op Mandatory Access Control
member-of op CCI Catalog v2022-04-05
date published dp "2013-08-30T00:00:00"^^date time

CCI-003123 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-003123_v2022-04-05

belongs to
CCI Control c
has facts
contributor op DISA FSO
member-of op CCI Catalog v2022-04-05
narrower op Encrypted Tunnels
date published dp "2013-09-24T00:00:00"^^date time

Central Processing Unit ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CentralProcessingUnit

has facts
contains op Processor Register
may-contain op Processor Cache Memory
may-contain op Memory Management Unit
may-contain op Memory Protection Unit
is also defined as
class

Certificate ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Certificate

has facts
contains op Identifier
contains op Public Key
is also defined as
class

Certificate Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CertificateAnalysis

belongs to
Certificate Analysis c
Network Traffic Analysis c
has facts
analyzes op Certificate File
kb-reference op Reference - Securing Web Transactions
d3fend-id dp "D3-CA"
is also defined as
class

Certificate File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CertificateFile

has facts
contains op Certificate
is also defined as
class

Certificate Pinning ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CertificatePinning

belongs to
Credential Hardening c
has facts
authenticates op Public Key
kb-reference op Reference - Certificate and Public Key Pinning
kb-reference op Reference - End-to-end certificate pinning
d3fend-id dp "D3-CP"
is also defined as
class

Certificate Trust Store ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CertificateTrustStore

has facts
contains op Certificate
is also defined as
class

Certificate-based Authentication ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Certificate-basedAuthentication

belongs to
Credential Hardening c
has facts
kb-reference op Reference - Tokenless biometric transaction authorization method and system
d3fend-id dp "D3-CBAN"
is also defined as
class

Change Default File Association ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.001

has facts
modifies op System Configuration Database Record
is also defined as
class

Clear Command History ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.003

has facts
modifies op Command History Log
is also defined as
class

Clear Linux or Mac System Logs ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.002

has facts
modifies op Operating System Log File
is also defined as
class

Clear Windows Event Logs ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.001

has facts
modifies op Event Log
is also defined as
class

Client-server Payload Profiling ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Client-serverPayloadProfiling

belongs to
Network Traffic Analysis c
has facts
analyzes op Network Traffic
kb-reference op Reference - Method and system for detecting malicious payloads - Vectra Networks Inc
d3fend-id dp "D3-CSPP"
is also defined as
class

Clipboard Data ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1115

has facts
reads op Clipboard
is also defined as
class

Cloud Account ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087.004

has facts
creates op Cloud User Account
is also defined as
class

Cloud Accounts ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.004

has facts
uses op Cloud User Account
is also defined as
class

Cloud Instance Metadata API ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.005

has facts
accesses op Cloud Instance Metadata
is also defined as
class

Cloud Service Dashboard ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1538

has facts
accesses op Cloud Configuration
is also defined as
class

Cloud Service Discovery ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1526

has facts
reads op Cloud Configuration
is also defined as
class

Cloud Service Sensor ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CloudServiceSensor

has facts
monitors op Cloud Service Authentication
monitors op Cloud Service Authorization
is also defined as
class

Cloud Storage Object Discovery ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1619

has facts
accesses op Cloud Storage
is also defined as
class

CM-14 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_CM-14

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
related op Driver Load Integrity Checking
related op Message Authentication
control-name dp "Signed Components"

CM-5 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_CM-5

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Executable Allowlisting
narrower op Executable Denylisting
narrower op Local Account Monitoring
narrower op Mandatory Access Control
control-name dp "Access Restrictions for Change"

CM-5(1) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_CM-5_1

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Local Account Monitoring
control-name dp "Access Restrictions for Change | Automated Access Enforcement and Audit Records"

CM-5(3) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_CM-5_3

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Local Account Monitoring
narrower op System Configuration Permissions
control-name dp "Access Restrictions for Change | Signed Components"

CM-5(5) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_CM-5_5

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Local Account Monitoring
narrower op System Configuration Permissions
control-name dp "Access Restrictions for Change | Privilege Limitation for Production and Operation"

CM-5(6) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_CM-5_6

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Local Account Monitoring
narrower op System Configuration Permissions
control-name dp "Access Restrictions for Change | Limit Library Privileges"

CM-6(3) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_CM-6_3

belongs to
NIST Control c
has facts
broader op Application Configuration Hardening
member-of op NIST SP 800-53 R5
control-name dp "Configuration Settings | Unauthorized Change Detection"

CMSTP ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.003

has facts
invokes op Create Process
may-produce op Network Traffic
is also defined as
class

Code Repositories ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1213.003

has facts
reads op Code Repository
is also defined as
class

Code Repository ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CodeRepository

has facts
contains op Source Code
is also defined as
class

Code Signing ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1045

belongs to
ATTACK Mitigation c
has facts
related op Driver Load Integrity Checking
related op Executable Allowlisting
related op Service Binary Verification

Code Signing ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.002

has facts
enables op Defense Evasion
is also defined as
class

Collection ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Collection

belongs to
Offensive Tactic c
is also defined as
class

Collection Technique ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CollectionTechnique

has facts
enables op Collection
is also defined as
class

Command And Control ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommandAndControl

belongs to
Offensive Tactic c
is also defined as
class

Command and Control Technique ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommandAndControlTechnique

has facts
enables op Command And Control
is also defined as
class

Command and Scripting Interpreter Execution ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059

has facts
executes op Executable Script
is also defined as
class

Command History Log File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommandHistoryLogFile

has facts
contains op Command History Log
is also defined as
class

Communication Through Removable Media ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1092

has facts
modifies op Removable Media Device
is also defined as
class

Compile After Delivery ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.004

has facts
creates op Executable File
is also defined as
class

Compiled HTML File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.001

has facts
invokes op Create File
invokes op Create Process
is also defined as
class

Compiler ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Compiler

has facts
reads op Compiler Configuration File
is also defined as
class

Component Firmware ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542.002

has facts
modifies op Firmware
is also defined as
class

Component Object Model Hijacking ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.015

has facts
loads op Executable Binary
modifies op System Configuration Database
is also defined as
class

Compromise Client Software Binary ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1554

has facts
modifies op Client Application
is also defined as
class

Compromise Hardware Supply Chain ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1195.003

has facts
modifies op Hardware Device
is also defined as
class

Compromise Software Dependencies and Development Tools ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1195.001

has facts
modifies op Software
is also defined as
class

Compromise Software Supply Chain ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1195.002

has facts
modifies op Software
is also defined as
class

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-362

has facts
weakness of op Shared Resource Access Function
is also defined as
class

Configuration Database ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConfigurationDatabase

has facts
contains op Configuration Database Record
is also defined as
class

Configuration Inventory ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConfigurationInventory

belongs to
Asset Inventory c
has facts
inventories op Configuration Resource
kb-reference op Reference - Web-Based Enterprise Management
kb-reference op Reference - Windows Management Infrastructure (MI)
kb-reference op Reference - Windows Management Instrumentation (WMI)
d3fend-id dp "D3-CI"
is also defined as
class

Confluence ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1213.001

has facts
accesses op Web File Resource
is also defined as
class

Connect Socket ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConnectSocket

has facts
connects op Pipe
is also defined as
class

Connected Honeynet ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConnectedHoneynet

belongs to
Decoy Environment c
has facts
kb-reference op Reference - Modification of a Server to Mimic a Deception Mechanism - Acalvio Technologies Inc
spoofs op Local Area Network
d3fend-id dp "D3-CHN"
is also defined as
class

Connection Attempt Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConnectionAttemptAnalysis

belongs to
Network Traffic Analysis c
has facts
analyzes op Intranet Network Traffic
kb-reference op Reference - Detecting network reconnaissance by tracking intranet dark-net communications - VECTRA NETWORKS Inc
d3fend-id dp "D3-CAA"
is also defined as
class

Container Runtime ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ContainerRuntime

has facts
runs op Container Image
is also defined as
class

Control Panel Execution ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.002

has facts
invokes op Create Process
may-modify op System Configuration Database Record
is also defined as
class

Copy Memory Function ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CopyMemoryFunction

has facts
copies op Memory Block
is also defined as
class

Copy Token ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CopyToken

belongs to
Copy Token c
has facts
copies op Access Token
is also defined as
class

COR_PROFILER ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.012

has facts
adds op Shared Library File
modifies op System Configuration Database Record
is also defined as
class

Create Account ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1136

has facts
creates op User Account
is also defined as
class

Create File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CreateFile

has facts
creates op File
is also defined as
class

Create Process ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CreateProcess

has facts
creates op Process
is also defined as
class

Create Process with Token ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.002

has facts
copies op Access Token
may-modify op Event Log
is also defined as
class

Create Socket ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CreateSocket

has facts
creates op Pipe
is also defined as
class

Create Thread ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CreateThread

has facts
creates op Thread
is also defined as
class

Credential ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Credential

has facts
authenticates op User Account
is also defined as
class

Credential Access ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialAccess

belongs to
Offensive Tactic c
is also defined as
class

Credential Access Protection ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1043

belongs to
ATTACK Mitigation c
has facts
related op Hardware-based Process Isolation

Credential Access Technique ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialAccessTechnique

has facts
accesses op Credential
enables op Credential Access
may-access op Password File
may-invoke op Create Process
is also defined as
class

Credential API Hooking ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.004

has facts
may-modify op Process Code Segment
is also defined as
class

Credential Compromise Scope Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialCompromiseScopeAnalysis

belongs to
User Behavior Analysis c
has facts
analyzes op Credential
kb-reference op Reference - CAR-2015-07-001: All Logins Since Last Boot - MITRE
kb-reference op Reference - Systems and methods for detecting credential theft - Symantec Corp
d3fend-id dp "D3-CCSA"
is also defined as
class

Credential Eviction ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialEviction

belongs to
Defensive Technique c
has facts
enables op Evict
d3fend-id dp "D3-CE"
is also defined as
class

Credential Hardening ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialHardening

belongs to
Defensive Technique c
has facts
enables op Harden
d3fend-id dp "D3-CH"
is also defined as
class

Credential Revoking ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialRevoking

belongs to
Credential Eviction c
has facts
deletes op Credential
kb-reference op Reference - Revoke a previously issued verifiable credential - Microsoft
d3fend-id dp "D3-CR"
is also defined as
class

Credential Stuffing ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.004

has facts
may-create op Intranet Administrative Network Traffic
modifies op Authentication Log
produces op Authentication
is also defined as
class

Credential Transmission Scoping ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialTransmissionScoping

belongs to
Credential Hardening c
has facts
kb-reference op Reference - Web Authentication: An API for accessing Public Key Credentials Level 2
restricts op Credential
d3fend-id dp "D3-CTS"
is also defined as
class

Credentials from Password Stores ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555

has facts
accesses op Password Store
may-access op Database File
is also defined as
class

Credentials from Web Browsers ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.003

has facts
accesses op Database File
may-access op In-memory Password Store
may-invoke op Read File
is also defined as
class

Credentials in Files ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.001

has facts
accesses op File
is also defined as
class

Credentials in Registry ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.002

has facts
accesses op System Configuration Database
is also defined as
class

Cross-Site Request Forgery (CSRF) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-352

has facts
weakness of op User Input Function
is also defined as
class

Data Backup ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1053

belongs to
ATTACK Mitigation c
has facts
d3fend-comment dp "Comprehensive IT disaster recovery plans are outside the current scope of D3FEND."

Data Encoding ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1132

has facts
produces op Outbound Internet Network Traffic
is also defined as
class

Data Exchange Mapping ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DataExchangeMapping

belongs to
System Mapping c
has facts
kb-reference op Reference - Catia UAF Plugin
kb-reference op Reference - Tivoli Application Dependency Discovery Manager 7.3.0 - Dependencies between resources
kb-reference op Reference - Unified Architecture Framework (UAF)
maps op Data Dependency
d3fend-id dp "D3-DEM"
is also defined as
class

Data from Information Repositories ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1213

has facts
accesses op Resource
is also defined as
class

Data from Local System ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1005

has facts
accesses op File
accesses op Local Resource
is also defined as
class

Data from Network Shared Drive ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1039

has facts
accesses op Network File Share Resource
is also defined as
class

Data from Removable Media ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1025

has facts
accesses op Removable Media Device
is also defined as
class

Data Inventory ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DataInventory

belongs to
Asset Inventory c
has facts
inventories op Database
inventories op Document File
inventories op Email
inventories op Multimedia Document File
kb-reference op Reference - Data processing and scanning systems for generating and populating a data inventory
d3fend-id dp "D3-DI"
is also defined as
class

Data Obfuscation ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1001

has facts
produces op Outbound Internet Network Traffic
is also defined as
class

Data Staged ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1074

has facts
reads op Resource
is also defined as
class

Data Transfer Size Limits ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1030

has facts
produces op Internet Network Traffic
is also defined as
class

Database Query String Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DatabaseQueryStringAnalysis

belongs to
Process Analysis c
has facts
analyzes op Database Query
kb-reference op Reference - System and method for internet security - Cylance Inc
d3fend-id dp "D3-DQSA"
is also defined as
class

Database Server ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DatabaseServer

has facts
contains op Database
is also defined as
class

DCSync ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.006

has facts
may-modify op Event Log
produces op Intranet Administrative Network Traffic
is also defined as
class

Dead Code Elimination ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DeadCodeElimination

belongs to
Application Hardening c
has facts
kb-reference op Reference - Dead code elimination
d3fend-id dp "D3-DCE"
is also defined as
class

Deceive ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Deceive

belongs to
Defensive Tactic c
is also defined as
class

Decoy Artifact ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyArtifact

has facts
may-contain op Digital Artifact
is also defined as
class

Decoy Environment ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyEnvironment

belongs to
Defensive Technique c
has facts
enables op Deceive
manages op Decoy Artifact
d3fend-id dp "D3-DE"
is also defined as
class

Decoy File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyFile

belongs to
Decoy Object c
has facts
kb-reference op Reference - Open source intelligence deceptions - Illusive Networks Ltd
kb-reference op Reference - System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints - Fidelis Cybersecurity Solutions Inc
kb-reference op Reference - System and methods thereof for preventing ransomware from encrypting data elements stored in a memory of a computer-based system - Palo Alto Networks Inc
kb-reference op Reference - Supply chain cyber-deception - Cymmetria, Inc.
spoofs op File
d3fend-id dp "D3-DF"
is also defined as
class

Decoy Network Resource ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyNetworkResource

belongs to
Decoy Object c
has facts
kb-reference op Reference - Automatically generating network resource groups and assigning customized decoy policies thereto - Illusive Networks Ltd
kb-reference op Reference - Deception-Based Responses to Security Attacks - Crowdstrike Inc
kb-reference op Reference - Dynamic selection and generation of a virtual clone for detonation of suspicious content within a honey network - Palo Alto Networks Inc
kb-reference op Reference - System and method for identifying the presence of malware using mini-traps set at network endpoints - Fidelis Cybersecurity Solutions Inc
spoofs op Network Resource
d3fend-id dp "D3-DNR"
is also defined as
class

Decoy Object ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyObject

belongs to
Defensive Technique c
has facts
enables op Deceive
d3fend-id dp "D3-DO"
is also defined as
class

Decoy Persona ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyPersona

belongs to
Decoy Object c
has facts
kb-reference op Reference - Decoy Personas for Safeguarding Online Identity Using Deception - MITRE
kb-reference op Reference - Decoy and deceptive data object technology - Cymmetria, Inc.
spoofs op User
d3fend-id dp "D3-DP"
is also defined as
class

Decoy Public Release ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyPublicRelease

belongs to
Decoy Object c
has facts
kb-reference op Reference - Mock attack cybersecurity training system and methods - WOMBAT SECURITY TECHNOLOGIES Inc
d3fend-id dp "D3-DPR"
is also defined as
class

Decoy Session Token ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoySessionToken

belongs to
Decoy Object c
has facts
kb-reference op Reference - Decoy and deceptive data object technology - Cymmetria Inc
spoofs op Access Token
d3fend-id dp "D3-DST"
is also defined as
class

Decoy User Credential ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyUserCredential

belongs to
Decoy Object c
has facts
kb-reference op Reference - Decoy and deceptive data object technology - Cymmetria Inc
kb-reference op Reference - Decoy Network-Based Service for Deceiving Attackers - Amazon Technologies
kb-reference op Reference - System and method for identifying the presence of malware using mini-traps set at network endpoints - Fidelis Cybersecurity Solutions Inc
spoofs op Credential
d3fend-id dp "D3-DUC"
is also defined as
class

Default Accounts ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.001

has facts
uses op Default User Account
is also defined as
class

Defense Evasion ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefenseEvasion

belongs to
Offensive Tactic c
is also defined as
class

Defense Evasion Technique ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefenseEvasionTechnique

has facts
enables op Defense Evasion
is also defined as
class

Defensive Technique ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefensiveTechnique

belongs to
Technique c
is also defined as
class

Deobfuscate/Decode Files or Information ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1140

has facts
invokes op Create Process
may-add op Executable File
may-modify op Event Log
is also defined as
class

Dependency ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Dependency

has facts
dependent op D3FEND Thing
provider op D3FEND Thing
is also defined as
class

Deserialization of Untrusted Data ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-502

has facts
may be weakness of op User Input Function
weakness of op Deserialization Function
is also defined as
class

Detect ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Detect

belongs to
Defensive Tactic c
is also defined as
class

Direct Network Flood ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1498.001

has facts
creates op Inbound Internet Network Traffic
is also defined as
class

Direct Volume Access ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1006

has facts
accesses op Volume
is also defined as
class

Directory ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Directory

has facts
may-contain op File
is also defined as
class

DISA FSO ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DISA_FSO

belongs to
Organization c

Disable or Modify System Firewall ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.004

has facts
modifies op System Firewall Configuration
is also defined as
class

Disable or Modify Tools ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.001

has facts
disables op Operating System Process
is also defined as
class

Disable or Remove Feature or Program ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1042

belongs to
ATTACK Mitigation c
has facts
related op Application Configuration Hardening
related op Executable Denylisting
related op Mandatory Access Control

Disable Windows Event Logging ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.002

has facts
may-modify op Application Configuration
may-modify op Operating System Configuration Component
is also defined as
class

Discovery ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Discovery

belongs to
Offensive Tactic c
is also defined as
class

Discovery Technique ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DiscoveryTechnique

has facts
enables op Discovery
is also defined as
class

Disk Content Wipe ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1561.001

has facts
may-modify op Boot Sector
may-modify op Partition
may-modify op Partition Table
may-modify op Volume
modifies op Block Device
is also defined as
class

Disk Encryption ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DiskEncryption

belongs to
Platform Hardening c
has facts
encrypts op Storage
kb-reference op Reference - LUKS1 On-Disk Format Specification Version 1.2.3
d3fend-id dp "D3-DENCR"
is also defined as
class

Disk Structure Wipe ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1561.002

has facts
may-modify op Boot Sector
may-modify op Partition Table
is also defined as
class

Display Device Driver ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DisplayDeviceDriver

has facts
drives op Display Adapter
is also defined as
class

DLL Search Order Hijacking ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.001

has facts
may-create op Shared Library File
is also defined as
class

DLL Side-Loading ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.002

has facts
may-create op Shared Library File
may-modify op Shared Library File
is also defined as
class

DNS ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.004

has facts
produces op Outbound Internet DNS Lookup Traffic
is also defined as
class

DNS Allowlisting ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSAllowlisting

belongs to
Network Isolation c
has facts
blocks op Outbound Internet DNS Lookup Traffic
kb-reference op Reference - DNS Whitelist (DNSWL) Email Authentication Method Extension
d3fend-id dp "D3-DNSAL"
is also defined as
class

DNS Denylisting ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSDenylisting

belongs to
Network Isolation c
has facts
blocks op DNS Network Traffic
kb-reference op Reference - Use DNS Policy for Applying Filters on DNS Queries
d3fend-id dp "D3-DNSDL"
is also defined as
class

DNS Traffic Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSTrafficAnalysis

belongs to
Network Traffic Analysis c
has facts
analyzes op Outbound Internet DNS Lookup Traffic
kb-reference op Reference - Domain age registration alert - Inc Rapid7 Inc RAPID7 Inc
kb-reference op Reference - Heuristic botnet detection - Palo Alto Networks Inc
kb-reference op Reference - Method and system for detecting algorithm-generated domains - VECTRA NETWORKS Inc
kb-reference op Reference - Predicting Domain Generation Algorithms with Long Short-Term Memory Networks
kb-reference op Reference - Sinkholing bad network domains by registering the bad network domains on the internet - Palo Alto Networks Inc
may-contain op DNS Lookup
d3fend-id dp "D3-DNSTA"
is also defined as
class

Do Not Mitigate ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1055

belongs to
ATTACK Mitigation c

Document File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DocumentFile

has facts
may-contain op Executable Script
is also defined as
class

Domain Account ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087.002

has facts
creates op Domain User Account
is also defined as
class

Domain Account Monitoring ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainAccountMonitoring

belongs to
User Behavior Analysis c
has facts
kb-reference op Reference - Audit User Account Management
monitors op Domain User Account
d3fend-id dp "D3-DAM"
is also defined as
class

Domain Accounts ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.002

has facts
uses op Domain User Account
is also defined as
class

Domain Fronting ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.004

has facts
produces op Outbound Internet Encrypted Web Traffic
is also defined as
class

Domain Name ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainName

has facts
identifies op IP Address
is also defined as
class

Domain Name Reputation Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainNameReputationAnalysis

belongs to
Identifier Reputation Analysis c
has facts
analyzes op Domain Name
kb-reference op Reference - Database for receiving, storing and compiling information about email messages
kb-reference op Reference - Finding phishing sites
d3fend-id dp "D3-DNRA"
is also defined as
class

Domain Registration ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainRegistration

has facts
may-contain op Domain Name
is also defined as
class

Domain Trust Policy ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainTrustPolicy

belongs to
Credential Hardening c
has facts
kb-reference op Reference - How trust relationships work for resource forests in Azure Active Directory Domain Services
restricts op Directory Service
restricts op Domain Account
d3fend-id dp "D3-DTP"
is also defined as
class

Double File Extension ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.007

has facts
modifies op File System Metadata
is also defined as
class

Downgrade Attack ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.010

has facts
accesses op Legacy System
is also defined as
class

Drive-by Compromise ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1189

has facts
modifies op Process Segment
produces op Outbound Internet Network Traffic
produces op URL
is also defined as
class

Driver Load Integrity Checking ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DriverLoadIntegrityChecking

belongs to
Platform Hardening c
has facts
authenticates op Hardware Driver
kb-reference op Reference - Integrity assurance through early loading in the boot phase - Crowdstrike Inc
kb-reference op Reference - Protected computing environment - Microsoft Technology Licensing LLC
d3fend-id dp "D3-DLIC"
is also defined as
class

Dylib Hijacking ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.004

has facts
may-create op Shared Library File
may-modify op Shared Library File
is also defined as
class

Dynamic Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DynamicAnalysis

belongs to
File Analysis c
has facts
analyzes op Document File
analyzes op Executable File
kb-reference op Reference - Malware analysis system - Palo Alto Networks Inc
kb-reference op Reference - Use of an application controller to monitor and control software file and application environments - Sophos Ltd
d3fend-id dp "D3-DA"
is also defined as
class

Dynamic Resolution ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1568

has facts
produces op Outbound Internet DNS Lookup Traffic
is also defined as
class

Dynamic-link Library Injection ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.001

has facts
adds op Shared Library File
invokes op System Call
loads op Shared Library File
is also defined as
class

Elevated Execution with Prompt ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.004

has facts
creates op System Configuration Database
invokes op System Call
is also defined as
class

Email ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Email

has facts
may-contain op File
may-contain op URL
is also defined as
class

Email Attachment ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmailAttachment

has facts
attached-to op Email
is also defined as
class

Email Collection ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114

has facts
accesses op Resource
is also defined as
class

Email Forwarding Rule ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114.003

has facts
modifies op Application Configuration
is also defined as
class

Email Hiding Rules ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.008

has facts
may-create op Email Rule
may-modify op Email Rule
modifies op Application Configuration
is also defined as
class

Email Removal ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmailRemoval

belongs to
File Removal c
has facts
deletes op Email
kb-reference op Reference - System and method for scanning remote services to locate stored objects with malware
may-access op Mail Server
d3fend-id dp "D3-ER"
is also defined as
class

Emond ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.014

has facts
may-create op Property List File
may-modify op Property List File
modifies op Configuration Resource
is also defined as
class

Emulated File Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmulatedFileAnalysis

belongs to
File Analysis c
has facts
analyzes op Document File
analyzes op Executable File
kb-reference op Reference - Network-level polymorphic shellcode detection using emulation
d3fend-id dp "D3-EFA"
is also defined as
class

Enclaveni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Enclave

has facts
may-contain op Local Area Network
is also defined as
class

Encrypt Sensitive Informationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1041

belongs to
ATTACK Mitigation c
has facts
related op Disk Encryption
related op Encrypted Tunnels
related op File Encryption
related op Message Encryption

Encrypted Channelni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1573

has facts
produces op Outbound Internet Encrypted Traffic
is also defined as
class

Encrypted Tunnelsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EncryptedTunnels

belongs to
Network Isolation c
has facts
isolates op Intranet Network
kb-reference op Reference - Security Architecture for the Internet Protocol
d3fend-id dp "D3-ET"
is also defined as
class

Endpoint Health Beaconni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EndpointHealthBeacon

belongs to
Operating System Monitoring c
has facts
kb-reference op Reference - Intrusion detection using a heartbeat - Sophos Ltd
d3fend-id dp "D3-EHB"
is also defined as
class

Environment Variable Permissionsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1039

belongs to
ATTACK Mitigation c
has facts
related op Application Configuration Hardening
related op System File Analysis

Eval Functionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EvalFunction

has facts
invokes op Subroutine
is also defined as
class

Evictni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Evict

belongs to
Defensive Tactic c
is also defined as
class

Exception Handler Pointer Validationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExceptionHandlerPointerValidation

belongs to
Application Hardening c
has facts
kb-reference op Reference - /SAFESEH (Image has Safe Exception Handlers) - Microsoft Docs
validates op Pointer
d3fend-id dp "D3-EHPV"
is also defined as
class

Exchange Email Delegate Permissionsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.002

has facts
modifies op Domain User Account
is also defined as
class

Executable Allowlistingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableAllowlisting

belongs to
Platform Hardening c
has facts
blocks op Executable File
kb-reference op Reference - Enhancing Network Security By Preventing User-Initiated Malware Execution - MITRE
kb-reference op Reference - Computing apparatus with automatic integrity reference generation and maintenance - Tripwire, Inc.
restricts op Create Process
d3fend-id dp "D3-EAL"
is also defined as
class

Executable Binaryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableBinary

has facts
contains op Image Code Segment
contains op Image Data Segment
may-interpret op Executable Script
is also defined as
class

Executable Denylistingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableDenylisting

belongs to
Execution Isolation c
has facts
blocks op Executable File
kb-reference op Reference - Method and apparatus for increasing the speed at which computer viruses are detected - McAfee LLC
kb-reference op Reference - Content extractor and analysis system - Bit 9 Inc, Carbon Black Inc
restricts op Create Process
d3fend-id dp "D3-EDL"
is also defined as
class

Executable Fileni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableFile

has facts
contains op Subroutine
is also defined as
class

Executable Installer File Permissions Weaknessni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.005

has facts
modifies op Service Application
is also defined as
class

Executionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Execution

belongs to
Offensive Tactic c
is also defined as
class

Execution Isolationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutionIsolation

belongs to
Defensive Technique c
has facts
enables op Isolate
d3fend-id dp "D3-EI"
is also defined as
class

Execution Preventionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1038

belongs to
ATTACK Mitigation c
has facts
related op Driver Load Integrity Checking
related op Executable Allowlisting
related op Executable Denylisting
related op Process Segment Execution Prevention

Execution Techniqueni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutionTechnique

has facts
enables op Execution
is also defined as
class

Exfiltrationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Exfiltration

belongs to
Offensive Tactic c
is also defined as
class

Exfiltration Over Alternative Protocolni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048

has facts
produces op Internet Network Traffic
is also defined as
class

Exfiltration Over Asymmetric Encrypted Non-C2 Protocolni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048.002

has facts
may-transfer op Certificate File
produces op Outbound Internet Encrypted Traffic
is also defined as
class

Exfiltration Over C2 Channelni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1041

has facts
may-transfer op Certificate File
produces op Internet Network Traffic
is also defined as
class

Exfiltration Over Other Network Mediumni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1011

has facts
produces op Internet Network Traffic
is also defined as
class

Exfiltration Over Symmetric Encrypted Non-C2 Protocolni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048.001

has facts
produces op Outbound Internet Encrypted Traffic
is also defined as
class

Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocolni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048.003

has facts
produces op Outbound Internet Network Traffic
is also defined as
class

Exfiltration over USBni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1052.001

has facts
modifies op Removable Media Device
is also defined as
class

Exfiltration Over Web Serviceni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1567

has facts
produces op Outbound Internet Web Traffic
is also defined as
class

Exfiltration Techniqueni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExfiltrationTechnique

has facts
enables op Exfiltration
is also defined as
class

Exfiltration to Cloud Storageni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1567.002

has facts
produces op Outbound Internet Encrypted Web Traffic
is also defined as
class

Exfiltration to Code Repositoryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1567.001

has facts
may-produce op Outbound Internet Encrypted Remote Terminal Traffic
may-produce op Outbound Internet Encrypted Web Traffic
is also defined as
class

Exploit Protectionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1050

belongs to
ATTACK Mitigation c
has facts
related op Application Hardening
related op Exception Handler Pointer Validation
related op Inbound Traffic Filtering
related op Shadow Stack Comparisons

Exploit Public-Facing Applicationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1190

has facts
injects op Database Query
modifies op Process Segment
produces op Inbound Internet Network Traffic
is also defined as
class

Exploitation for Client Executionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1203

has facts
modifies op Process Code Segment
modifies op Stack Frame
is also defined as
class

Exploitation for Credential Accessni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1212

has facts
may-access op Authentication Service
may-access op Credential Management System
may-modify op Process Code Segment
may-modify op Stack Frame
is also defined as
class

Exploitation for Defense Evasionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1211

has facts
may-modify op Process Code Segment
may-modify op Stack Frame
is also defined as
class

Exploitation for Privilege Escalationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1068

has facts
enables op Privilege Escalation
may-modify op Stack Frame
modifies op Process Code Segment
is also defined as
class

Exploitation of Remote Servicesni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1210

has facts
may-modify op Process Code Segment
may-modify op Process Segment
may-modify op Stack Frame
produces op Intranet Network Traffic
is also defined as
class

Exploitation of Transient Instruction Executionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CAPEC-663

belongs to
Common Attack Pattern c
has facts
capec-id dp "CAPEC-553"
is also defined as
class

External Defacementni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1491.002

has facts
modifies op Network Resource
is also defined as
class

External Proxyni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.002

has facts
produces op Outbound Internet Network Traffic
is also defined as
class

External Remote Servicesni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1133

has facts
produces op Authentication
produces op Authorization
produces op Network Session
is also defined as
class

Fallback Channelsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1008

has facts
produces op Outbound Internet Network Traffic
is also defined as
class

Fileni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#File

has facts
contains op File Section
may-contain op File
may-contain op URL
is also defined as
class

File Access Pattern Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileAccessPatternAnalysis

belongs to
Process Analysis c
has facts
analyzes op Local Resource Access
kb-reference op Reference - File-modifying malware detection - Crowdstrike Inc
d3fend-id dp "D3-FAPA"
is also defined as
class

File Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileAnalysis

belongs to
Defensive Technique c
has facts
analyzes op File
enables op Detect
d3fend-id dp "D3-FA"
is also defined as
class

File and Directory Discoveryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1083

has facts
accesses op Directory
accesses op File
is also defined as
class

File and Directory Permissions Modificationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1222

has facts
modifies op Access Control Configuration
is also defined as
class

File Carvingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileCarving

belongs to
Network Traffic Analysis c
has facts
analyzes op File Transfer Network Traffic
kb-reference op Reference - Computer Worm Defense System and Method - FireEye Inc
d3fend-id dp "D3-FC"
is also defined as
class

File Content Rulesni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileContentRules

belongs to
File Analysis c
has facts
kb-reference op Reference - Computational modeling and classification of data streams - Crowdstrike Inc
kb-reference op Reference - Detecting script-based malware - Crowdstrike Inc
kb-reference op Reference - Distributed meta-information query in a network - Bit 9 Inc
kb-reference op Reference - System and methods thereof for logical identification of malicious threats across a plurality of end-point devices (epd) communicatively connected by a network - Palo Alto Networks Inc, Cyber Secdo Ltd
d3fend-id dp "D3-FCR"
is also defined as
class

File Creation Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileCreationAnalysis

belongs to
System Call Analysis c
has facts
analyzes op Create File
kb-reference op Reference - CAR-2019-07-002: Lsass Process Dump via Procdump - MITRE
kb-reference op Reference - CAR-2020-09-001: Scheduled Task - FileAccess - MITRE
d3fend-id dp "D3-FCA"
is also defined as
class

File Deletionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.004

has facts
deletes op File
may-modify op File
is also defined as
class

File Encryptionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileEncryption

belongs to
Platform Hardening c
has facts
encrypts op File
kb-reference op Reference - Method for file encryption
d3fend-id dp "D3-FE"
is also defined as
class

File Evictionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileEviction

belongs to
Defensive Technique c
has facts
enables op Evict
d3fend-id dp "D3-FEV"
is also defined as
class

File Hashni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileHash

has facts
identifies op File
is also defined as
class

File Hash Reputation Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileHashReputationAnalysis

belongs to
Identifier Reputation Analysis c
has facts
analyzes op File Hash
kb-reference op Reference - Reputation of an entity associated with a content item
d3fend-id dp "D3-FHRA"
is also defined as
class

File Hashingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileHashing

belongs to
File Analysis c
has facts
kb-reference op Reference - Munin
d3fend-id dp "D3-FH"
is also defined as
class

File Path Open Functionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FilePathOpenFunction

has facts
accesses op File
invokes op Open File
is also defined as
class

File Removalni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileRemoval

belongs to
File Eviction c
has facts
deletes op File
kb-reference op Reference - How Does Antivirus Quarantine Work? - Safety Detectives
may-access op File Server
d3fend-id dp "D3-FR"
is also defined as
class

File Systemni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSystem

has facts
contains op Directory
contains op File
contains op File System Link
contains op File System Metadata
is also defined as
class

File System Sensorni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSystemSensor

has facts
monitors op File
is also defined as
class

File Transfer Protocolsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.002

has facts
produces op Outbound Internet File Transfer Traffic
is also defined as
class

Filter Network Trafficni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1037

belongs to
ATTACK Mitigation c
has facts
related op Network Isolation

Firmware Behavior Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareBehaviorAnalysis

belongs to
Platform Monitoring c
has facts
analyzes op Firmware
kb-reference op Reference - Firmware Behavior Analysis ConFirm
kb-reference op Reference - Firmware Behavior Analysis VIPER
d3fend-id dp "D3-FBA"
is also defined as
class

Firmware Embedded Monitoring Codeni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareEmbeddedMonitoringCode

belongs to
Platform Monitoring c
has facts
analyzes op Firmware
kb-reference op Reference - Firmware Embedded Monitoring Code Red Balloon
kb-reference op Reference - Firmware Embedded Monitoring Code Symbiotes
d3fend-id dp "D3-FEMC"
is also defined as
class

Firmware Sensorni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareSensor

has facts
monitors op Firmware
is also defined as
class

Firmware Verificationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareVerification

belongs to
Platform Monitoring c
has facts
kb-reference op Reference - Firmware Verification Eclypsium
kb-reference op Reference - Firmware Verification Trapezoid
kb-reference op Reference - Platform Firmware Resiliency Guidelines - NIST
verifies op Firmware
d3fend-id dp "D3-FV"
is also defined as
class

Forced Authenticationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1187

has facts
may-modify op Windows Shortcut File
modifies op Authentication Log
produces op Authentication
is also defined as
class

Forward Resolution Domain Denylistingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ForwardResolutionDomainDenylisting

belongs to
DNS Denylisting c
has facts
blocks op Outbound Internet DNS Lookup Traffic
kb-reference op Reference - Use DNS Policy for Applying Filters on DNS Queries
d3fend-id dp "D3-FRDDL"
is also defined as
class

Forward Resolution IP Denylistingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ForwardResolutionIPDenylisting

belongs to
DNS Denylisting c
has facts
blocks op Inbound Internet DNS Response Traffic
kb-reference op Reference - Use DNS Policy for Applying Filters on DNS Queries
d3fend-id dp "D3-FRIDL"
is also defined as
class

FQDN Domain Nameni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FQDNDomainName

belongs to
Domain Name c

Free Memoryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FreeMemory

has facts
deletes op Memory Block
is also defined as
class

Gatekeeper Bypassni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.001

has facts
modifies op File System Metadata
is also defined as
class

get foreground windowni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetForegroundWindow

Is defined by
https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-getforegroundwindow
belongs to
Get Open Windows c

Get Open Socketsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetOpenSockets

has facts
enumerates op Pipe
is also defined as
class

Get System Config Valueni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetSystemConfigValue

has facts
reads op System Configuration Database Record
is also defined as
class

GNU GCC StackGuardni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GNUGCCStackGuard

belongs to
Stack Frame Canary Validation c

Golden Ticketni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558.001

has facts
forges op Kerberos Ticket Granting Ticket
is also defined as
class

Group Policy Discoveryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1615

has facts
reads op Group Policy
is also defined as
class

Group Policy Modificationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1484

has facts
modifies op Group Policy
is also defined as
class

Group Policy Preferencesni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.006

has facts
accesses op Group Policy
is also defined as
class

GUI Input Captureni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.002

has facts
accesses op Graphical User Interface
is also defined as
class

Hardenni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Harden

belongs to
Defensive Tactic c
is also defined as
class

Hardware Additionsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1200

has facts
connects op Hardware Device
is also defined as
class

Hardware Component Inventoryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardwareComponentInventory

belongs to
Asset Inventory c
has facts
inventories op Hardware Device
kb-reference op Reference - Advanced device matching system
d3fend-id dp "D3-HCI"
is also defined as
class

Hardware Driverni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardwareDriver

has facts
drives op Hardware Device
is also defined as
class

Hardware-based Process Isolationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Hardware-basedProcessIsolation

belongs to
Execution Isolation c
has facts
isolates op Process
kb-reference op Reference - Virtualized process isolation - Advanced Micro Devices Inc
kb-reference op Reference - Approaches for securing an internet endpoint using fine-grained operating system virtualization - Bromium, Inc.
kb-reference op Reference - Isolation of applications within a virtual machine - Bromium, Inc.
restricts op Create Process
d3fend-id dp "D3-HBPI"
is also defined as
class

Hidden File Systemni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.005

has facts
may-modify op System Configuration Database
modifies op Storage
is also defined as
class

Hidden Files and Directoriesni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.001

has facts
modifies op File System Metadata
is also defined as
class

Hidden Usersni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.002

has facts
modifies op User Init Configuration File
is also defined as
class

Hidden Windowni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.003

has facts
may-modify op Property List File
may-modify op System Configuration Database
is also defined as
class

Hierarchical Domain Denylistingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HierarchicalDomainDenylisting

belongs to
Forward Resolution Domain Denylisting c
has facts
kb-reference op Reference - Use DNS Policy for Applying Filters on DNS Queries
d3fend-id dp "D3-HDDL"
is also defined as
class

Homoglyph Denylistingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HomoglyphDenylisting

belongs to
Forward Resolution Domain Denylisting c
has facts
kb-reference op Reference - Detection of Malicious IDN Homoglyph Domains
d3fend-id dp "D3-HDL"
is also defined as
class

Homoglyph Detectionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HomoglyphDetection

belongs to
Identifier Analysis c
has facts
analyzes op Email
analyzes op URL
kb-reference op Reference - Computer-implemented methods and systems for identifying visually similar text character strings - Greathorn Inc
kb-reference op Reference - System and method for detecting homoglyph attacks with a siamese convolutional neural network - Endgame Inc
d3fend-id dp "D3-HD"
is also defined as
class

Hostni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Host

has facts
contains op Application
contains op Operating System
runs op Operating System
is also defined as
class

Host Configuration Sensorni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HostConfigurationSensor

has facts
monitors op Application Configuration
monitors op Operating System Configuration
is also defined as
class

Hostnameni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Hostname

belongs to
Domain Name c
has facts
identifies op Host
is also defined as
class

HTML Smugglingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.006

has facts
creates op JavaScript Blob
hides op Digital Artifact
is also defined as
class

HTTP URLni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HTTPURL

belongs to
URL c

HTTPS URLni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HTTPSURL

belongs to
URL c

IA-2(1)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_IA-2_1

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Multi-factor Authentication
control-name dp "Identification and Authentication (organizational Users) | Multi-factor Authentication to Privileged Accounts"

IA-2(2)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_IA-2_2

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Multi-factor Authentication
control-name dp "Identification and Authentication (organizational Users) | Multi-factor Authentication to Non-privileged Accounts"

IA-2(4)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_IA-2_4

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Local Account Monitoring
control-name dp "Identification and Authentication (organizational Users) | Local Access to Non-privileged Accounts"

IA-2(6)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_IA-2_6

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Multi-factor Authentication
control-name dp "Identification and Authentication (organizational Users) | Access to Accounts —separate Device"

Identifier Activity Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IdentifierActivityAnalysis

belongs to
Identifier Analysis c
has facts
kb-reference op Reference - The Pyramid of Pain - David Bianco
is also defined as
class

Identifier Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IdentifierAnalysis

belongs to
Defensive Technique c
has facts
analyzes op Identifier
enables op Detect
d3fend-id dp "D3-ID"
is also defined as
class

Identifier Reputation Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IdentifierReputationAnalysis

belongs to
Identifier Analysis c
has facts
kb-reference op Reference - Finding phishing sites
d3fend-id dp "D3-IRA"
is also defined as
class

IIS Componentsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.004

has facts
adds op Software
is also defined as
class

Image Code Segmentni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImageCodeSegment

has facts
contains op Subroutine
is also defined as
class

Image File Execution Options Injectionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.012

has facts
modifies op System Configuration Database
is also defined as
class

Impactni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Impact

belongs to
Offensive Tactic c
is also defined as
class

Impact Techniqueni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImpactTechnique

has facts
enables op Impact
is also defined as
class

Impair Command History Loggingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.003

has facts
may-modify op User Init Script
may-modify op Windows Registry Key
modifies op Process Environment Variable
is also defined as
class

Impersonate Userni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImpersonateUser

belongs to
Impersonate User c
has facts
forges op User Account
is also defined as
class

Implant Container Imageni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1525

has facts
adds op Container Image
is also defined as
class

Import Library Functionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImportLibraryFunction

has facts
loads op Shared Library File
is also defined as
class

Improper Authenticationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-287

has facts
weakness of op Authentication Function
is also defined as
class

Improper Control of Generation of Code ('Code Injection')ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-94

has facts
may be weakness of op Eval Function
may be weakness of op User Input Function
is also defined as
class

Improper Input Validationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-20

has facts
weakness of op User Input Function
is also defined as
class

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-22

has facts
weakness of op User Input Function
is also defined as
class

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-79

has facts
weakness of op User Input Function
is also defined as
class

Improper Neutralization of Special Elements used in a Command ('Command Injection')ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-77

has facts
weakness of op User Input Function
is also defined as
class

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-78

has facts
may be weakness of op Eval Function
may be weakness of op Process Start Function
may be weakness of op User Input Function
is also defined as
class

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-89

has facts
weakness of op User Input Function
is also defined as
class

Improper Restriction of Operations within the Bounds of a Memory Bufferni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-119

has facts
weakness of op Raw Memory Access Function
is also defined as
class

Improper Restriction of XML External Entity Reference ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-611

has facts
weakness of op External Content Inclusion Function
is also defined as
class

Inbound Internet Network Traffic ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundInternetNetworkTraffic

has facts
produces op Network Traffic
is also defined as
class

Inbound Session Volume Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundSessionVolumeAnalysis

belongs to
Network Traffic Analysis c
has facts
analyzes op Inbound Internet Network Traffic
kb-reference op Reference - Detecting DDoS Attack Using Snort
kb-reference op Reference - Identifying a denial-of-service attack in a cloud-based proxy service - Cloudflare Inc.
kb-reference op Reference - Method and system for UDP flood attack detection - Riorey LLC
kb-reference op Reference - Protecting against distributed denial of service attacks - Cisco Technology Inc.
kb-reference op Reference - Protecting against distributed network flood attacks - Juniper Networks Inc.
d3fend-id dp "D3-ISVA"
is also defined as
class

Inbound Traffic Filtering ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundTrafficFiltering

belongs to
Network Traffic Filtering c
has facts
filters op Inbound Network Traffic
kb-reference op Reference - Active firewall system and methodology - McAfee LLC
kb-reference op Reference - Automatically generating rules for connection security - Microsoft
kb-reference op Reference - FWTK - Firewall Toolkit
kb-reference op Reference - Firewall for internet access - Secure Computing LLC
kb-reference op Reference - Firewall for processing a connectionless network packet - National Security Agency
kb-reference op Reference - Firewall for processing connection-oriented and connectionless datagrams over a connection-oriented network - National Security Agency
kb-reference op Reference - Firewalls that filter based upon protocol commands - Intel Corp
kb-reference op Reference - Method for controlling computer network security - Checkpoint Software Technologies Ltd
kb-reference op Reference - Network firewall with proxy - Secure Computing LLC
d3fend-id dp "D3-ITF"
is also defined as
class

Incorrect Default Permissions ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-276

has facts
weakness of op Application Installer
is also defined as
class

Indirect Branch Call Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IndirectBranchCallAnalysis

belongs to
Process Analysis c
has facts
kb-reference op Reference - Indirect Branching Calls
d3fend-id dp "D3-IBCA"
is also defined as
class

Ingress Tool Transfer ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1105

has facts
produces op Outbound Internet Network Traffic
is also defined as
class

Initial Access ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InitialAccess

belongs to
Offensive Tactic c
is also defined as
class

Initial Access Technique ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InitialAccessTechnique

has facts
enables op Initial Access
is also defined as
class

Input Device Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InputDeviceAnalysis

belongs to
Operating System Monitoring c
has facts
analyzes op Input Device
kb-reference op Reference - http://www.biometric-solutions.com/keystroke-dynamics.html - biometric-solutions.com
kb-reference op Reference - Continuous authentication by analysis of keyboard typing characteristics - Bradford Univ., UK
d3fend-id dp "D3-IDA"
is also defined as
class

Install Root Certificate ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.004

has facts
modifies op Certificate Trust Store
is also defined as
class

Integer Overflow or Wraparound ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-190

has facts
weakness of op Mathematical Function
is also defined as
class

Integrated Honeynet ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntegratedHoneynet

belongs to
Decoy Environment c
has facts
kb-reference op Reference - Synchronizing a honey network configuration to reflect a target network environment - Palo Alto Networks Inc
spoofs op Intranet Network
d3fend-id dp "D3-IHN"
is also defined as
class

Inter-Process Communication Execution ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1559

has facts
injects op Interprocess Communication
is also defined as
class

Internal Defacement ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1491.001

has facts
modifies op Resource
is also defined as
class

Internal Proxy ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.001

has facts
produces op Intranet Network Traffic
is also defined as
class

Internal Spearphishing ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1534

has facts
produces op Email
is also defined as
class

Internationalized Domain Name ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternationalizedDomainName

belongs to
Domain Name c

Internet Article ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetArticle

belongs to
Reference Type c
is also defined as
class

Intranet IPC Network Traffic ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetIPCNetworkTraffic

has facts
may-contain op File
is also defined as
class

Intranet Web Network Traffic ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetWebNetworkTraffic

has facts
may-contain op File
is also defined as
class

Invalid Code Signature ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.001

has facts
creates op Executable Binary
is also defined as
class

IO Port Restriction ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IOPortRestriction

belongs to
Execution Isolation c
has facts
filters op Input Device
filters op Removable Media Device
kb-reference op Reference - Computer motherboard having peripheral security functions
kb-reference op Reference - Method and system for controlling communication ports
kb-reference op Reference - USB filter for hub malicious code prevention system
d3fend-id dp "D3-IOPR"
is also defined as
class

iOS Process ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#iOSProcess

belongs to
Process c

IP Address ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPAddress

has facts
identifies op Network Node
is also defined as
class

IP Reputation Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPReputationAnalysis

belongs to
Identifier Reputation Analysis c
has facts
analyzes op IP Address
kb-reference op Reference - Database for receiving, storing and compiling information about email messages
kb-reference op Reference - Finding phishing sites
d3fend-id dp "D3-IPRA"
is also defined as
class

IPC Traffic Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPCTrafficAnalysis

belongs to
Network Traffic Analysis c
has facts
analyzes op Intranet IPC Network Traffic
kb-reference op Reference - CAR-2013-05-005: SMB Copy and Execution - MITRE
kb-reference op Reference - CAR-2013-01-003: SMB Events Monitoring - MITRE
kb-reference op Reference - CAR-2013-09-003: SMB Session Setups - MITRE
kb-reference op Reference - CAR-2014-03-001: SMB Write Request - NamedPipes - MITRE
kb-reference op Reference - CAR-2013-05-003: SMB Write Request - MITRE
kb-reference op Reference - Security System with Methodology for Interprocess Communication Control - Check Point Software Tech Inc
kb-reference op Reference - CAR-2015-04-001: Remotely Scheduled Tasks via AT - MITRE
d3fend-id dp "D3-IPCTA"
is also defined as
class

IR-4(12) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_IR-4_12

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
related op Dynamic Analysis
control-name dp "Incident Handling | Malicious Code and Forensic Analysis"

IR-4(13) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_IR-4_13

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
related op Decoy Environment
related op Decoy Object
control-name dp "Incident Handling | Behavior Analysis"

Isolate ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Isolate

belongs to
Defensive Tactic c
is also defined as
class

Javascript File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#JavascriptFile

belongs to
Executable Script c

Job Function Access Pattern Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#JobFunctionAccessPatternAnalysis

belongs to
User Behavior Analysis c
has facts
analyzes op Authorization
kb-reference op Reference - Anomaly Detection Using Adaptive Behavioral Profiles - Securonix Inc
d3fend-id dp "D3-JFAPA"
is also defined as
class

Kerberoasting ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558.003

has facts
may-produce op RPC Network Traffic
is also defined as
class

Kernel ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Kernel

has facts
contains op Kernel Process Table
loads op Application
manages op Operating System Process
manages op User Process
may-contain op Hardware Driver
may-contain op Kernel Module
is also defined as
class

Kernel API Sensor ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KernelAPISensor

has facts
monitors op System Call
is also defined as
class

Kernel Modules and Extensions ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.006

has facts
modifies op Kernel Module
is also defined as
class

Kernel-based Process Isolation ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Kernel-basedProcessIsolation

belongs to
Execution Isolation c
has facts
kb-reference op Reference - Overview of the seccomp sandbox
d3fend-id dp "D3-KBPI"
is also defined as
class

Keychain ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1142

has facts
accesses op Encrypted Credential
is also defined as
class

Keychain ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.001

has facts
accesses op MacOS Keychain
is also defined as
class

Keylogging ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.001

has facts
accesses op Keyboard Input Device
is also defined as
class

Lateral Movement ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LateralMovement

belongs to
Offensive Tactic c
is also defined as
class

Lateral Movement Technique ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LateralMovementTechnique

has facts
enables op Lateral Movement
is also defined as
class

Lateral Tool Transfer ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1570

has facts
produces op Intranet File Transfer Traffic
is also defined as
class

Launch Agent ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.001

has facts
creates op Property List File
is also defined as
class

Launch Daemon ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.004

has facts
modifies op Property List File
is also defined as
class

Launchd ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053.004

has facts
creates op Property List File
is also defined as
class

LC_LOAD_DYLIB Addition ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.006

has facts
modifies op Executable Binary
is also defined as
class

LD_PRELOAD ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.006

has facts
modifies op Operating System Configuration File
is also defined as
class

LDIF Record ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LDIFRecord

belongs to
User Account c

Limit Access to Resource Over Network ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1035

belongs to
ATTACK Mitigation c
has facts
related op Network Isolation

Limit Hardware Installation ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1034

belongs to
ATTACK Mitigation c
has facts
related op IO Port Restriction

Limit Software Installation ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1033

belongs to
ATTACK Mitigation c
has facts
related op Executable Allowlisting
related op Executable Denylisting

Linux ELF File 32bit ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LinuxELFFile32bit

belongs to
Executable Binary c

Linux ELF File 64bit ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LinuxELFFile64bit

belongs to
Executable Binary c

Linux Exec ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LinuxExec

belongs to
Create Process c

Linux Process ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LinuxProcess

belongs to
Process c

LLMNR/NBT-NS Poisoning and SMB Relay ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1557.001

has facts
produces op Intranet Multicast Network Traffic
is also defined as
class

Local Account ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087.001

has facts
creates op Local User Account
is also defined as
class

Local Account Monitoring ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAccountMonitoring

belongs to
User Behavior Analysis c
has facts
analyzes op Local User Account
kb-reference op Reference - Audit User Account Management
kb-reference op Reference - CAR-2016-04-004: Successful Local Account Login
kb-reference op Reference - OS Query Windows User Collection Code
d3fend-id dp "D3-LAM"
is also defined as
class

Local Accounts ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.003

has facts
uses op Local User Account
is also defined as
class

Local Area Network ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAreaNetwork

has facts
may-contain op Host
is also defined as
class

Local Data Staging ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1074.001

has facts
may-create op File
may-invoke op Create File
is also defined as
class

Local Email Collection ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114.001

has facts
reads op Email
is also defined as
class

Local File Permissions ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalFilePermissions

belongs to
Platform Hardening c
has facts
kb-reference op Reference - File and Folder Permissions
restricts op Directory
restricts op File
d3fend-id dp "D3-LFP"
is also defined as
class

Local Resource Access ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalResourceAccess

has facts
accesses op Local Resource
is also defined as
class

Log File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LogFile

has facts
contains op Log
is also defined as
class

Logical Link Mapping ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LogicalLinkMapping

belongs to
Network Mapping c
has facts
kb-reference op Reference - Libre NMS - Network Map Extension
maps op Logical Link
maps op Network
maps op Network Node
d3fend-id dp "D3-LLM"
is also defined as
class

Login Items ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.015

has facts
modifies op User Logon Init Resource
is also defined as
class

Logon Script (Mac) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.002

has facts
modifies op User Init Script
is also defined as
class

Logon Script (Windows) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.001

has facts
modifies op User Init Script
is also defined as
class

Logon User ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LogonUser

has facts
authenticates op User Account
is also defined as
class

LSA Secrets ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.004

has facts
may-access op Process
may-access op System Password Database
is also defined as
class

LSASS Driver ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.008

has facts
may-create op Shared Library File
modifies op System Service Software
is also defined as
class

LSASS Memory ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.001

has facts
accesses op Authentication Service
accesses op Process
is also defined as
class

Lua Script File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LuaScriptFile

belongs to
Executable Script c

MA-3(3) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-3_3

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op User Account Permissions
control-name dp "Maintenance Tools | Prevent Unauthorized Removal"

MA-3(4) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-3_4

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op User Account Permissions
control-name dp "Maintenance Tools | Restricted Tool Use"

MA-3(5) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-3_5

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op User Account Permissions
control-name dp "Maintenance Tools | Execution with Privilege"

MA-3(6) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-3_6

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Software Update
control-name dp "Maintenance Tools | Software Updates and Patches"

MA-4(1) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-4_1

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Local Account Monitoring
control-name dp "Nonlocal Maintenance | Logging and Review"

MA-6 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-6

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Software Update
control-name dp "Timely Maintenance"

MA-6(1) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-6_1

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Software Update
control-name dp "Timely Maintenance | Preventive Maintenance"

MA-6(2) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-6_2

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Software Update
control-name dp "Timely Maintenance | Predictive Maintenance"

MA-6(3) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-6_3

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Software Update
control-name dp "Timely Maintenance | Automated Support for Predictive Maintenance"

macOS Process ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#macOSProcess

belongs to
Process c

Mail Network Traffic ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MailNetworkTraffic

has facts
contains op Email
is also defined as
class

Mail Protocols ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.003

has facts
produces op Outbound Internet Mail Traffic
is also defined as
class

Mail Server ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MailServer

has facts
runs op Message Transfer Agent
is also defined as
class

Make and Impersonate Token ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.003

has facts
copies op Access Token
creates op Login Session
may-modify op Event Log
is also defined as
class

Malicious File Execution ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1204.002

has facts
executes op Executable File
is also defined as
class

Malicious Link Execution ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1204.001

has facts
accesses op URL
produces op Outbound Internet Web Traffic
is also defined as
class

Man in the Browser ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1185

has facts
produces op Web Network Traffic
is also defined as
class

Man-in-the-Middle ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1557

has facts
produces op Network Traffic
is also defined as
class

Mandatory Access Control ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MandatoryAccessControl

belongs to
Kernel-based Process Isolation c
has facts
isolates op Process
kb-reference op Reference - Analysis of the Windows Vista Security Model - Symantec Corporation
kb-reference op Reference - Architecture of transparent network security for application containers - Neuvector Inc
restricts op Create Process
d3fend-id dp "D3-MAC"
is also defined as
class

Marketing Material ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MarketingMaterial

belongs to
Reference Type c

Masquerade Task or Service ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.004

has facts
modifies op Task Schedule
is also defined as
class

Match Legitimate Name or Location ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.005

has facts
invokes op Move File
may-create op File
is also defined as
class

Mavinject ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.013

has facts
invokes op Create Thread
modifies op Process Segment
is also defined as
class

Memory Address ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryAddress

has facts
addresses op Memory Word
is also defined as
class

Memory Address Space ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryAddressSpace

has facts
contains op Memory Address
is also defined as
class

Memory Allocation Function ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryAllocationFunction

has facts
invokes op Allocate Memory
is also defined as
class

Memory Block ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryBlock

has facts
contains op Memory Word
may-contain op Record
is also defined as
class

Memory Boundary Tracking ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryBoundaryTracking

belongs to
Operating System Monitoring c
has facts
analyzes op Process Code Segment
kb-reference op Reference - Inferential exploit attempt detection - Crowdstrike Inc
d3fend-id dp "D3-MBT"
is also defined as
class

Memory Free Function ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryFreeFunction

has facts
invokes op Free Memory
is also defined as
class

Memory Management Unit ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryManagementUnit

has facts
contains op Translation Lookaside Buffer
creates op Virtual Address
manages op Page Table
manages op Storage
is also defined as
class

Memory Pool ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryPool

has facts
contains op Memory Block
is also defined as
class

Message Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageAnalysis

belongs to
Defensive Technique c
has facts
enables op Detect
d3fend-id dp "D3-MA"
is also defined as
class

Message Authentication ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageAuthentication

belongs to
Message Hardening c
has facts
authenticates op User to User Message
kb-reference op Reference - RFC 6376: DomainKeys Identified Mail (DKIM) Signatures - IETF
kb-reference op Reference - Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1
d3fend-id dp "D3-MAN"
is also defined as
class

Message Encryption ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageEncryption

belongs to
Message Hardening c
has facts
encrypts op User to User Message
kb-reference op Reference - Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1
d3fend-id dp "D3-MENCR"
is also defined as
class

Message Hardening ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageHardening

belongs to
Defensive Technique c
has facts
enables op Harden
d3fend-id dp "D3-MH"
is also defined as
class

Microsoft VCCLCompilerTool BufferSecurityCheck ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftVCCLCompilerToolBufferSecurityCheck

belongs to
Stack Frame Canary Validation c

Microsoft Word DOC File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftWordDOCFile

belongs to
Document File c

Microsoft Word DOCB File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftWordDOCBFile

belongs to
Document File c

Microsoft Word DOCM File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftWordDOCMFile

belongs to
Document File c

Microsoft Word DOCX File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftWordDOCXFile

belongs to
Document File c

Microsoft Word DOT File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftWordDOTFile

belongs to
Document File c

Microsoft Word DOTM File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftWordDOTMFile

belongs to
Document File c

Microsoft Word DOTX File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftWordDOTXFile

belongs to
Document File c

Microsoft Word WBK File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftWordWBKFile

belongs to
Document File c

MMC ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.014

has facts
executes op Command
may-add op Software
may-modify op System Configuration Database
is also defined as
class

Model ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Model

belongs to
Defensive Tactic c
is also defined as
class

Modify Authentication Process ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556

has facts
modifies op Authentication Service
is also defined as
class

Modify Registry ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1112

has facts
modifies op Windows Registry
is also defined as
class

Move File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MoveFile

has facts
modifies op File System Metadata
is also defined as
class

MSBuild ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1127.001

has facts
modifies op Compiler Configuration File
runs op Compiler
is also defined as
class

MSG Email File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MSGEmailFile

belongs to
Email c

Multi-factor Authentication ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1032

belongs to
ATTACK Mitigation c
has facts
related op Multi-factor Authentication

Multi-factor Authentication ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Multi-factorAuthentication

belongs to
Credential Hardening c
has facts
authenticates op User Account
kb-reference op Reference - Method and apparatus for utilizing a token for resource access - Rsa Security Inc.
d3fend-id dp "D3-MFA"
is also defined as
class

Multi-hop Proxy ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.003

has facts
produces op Outbound Internet Network Traffic
is also defined as
class

Multi-Stage Channels ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1104

has facts
produces op Outbound Internet Network Traffic
is also defined as
class

Native API Execution ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1106

has facts
invokes op System Call
is also defined as
class

Netsh Helper DLL ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.007

has facts
modifies op System Configuration Database Record
produces op Process
is also defined as
class

Network Directory Resource ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkDirectoryResource

has facts
contains op Directory
is also defined as
class

Network File Resource ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFileResource

has facts
contains op File
is also defined as
class

Network Flow ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFlow

has facts
summarizes op Network Traffic
is also defined as
class

Network Flow Sensor ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFlowSensor

has facts
monitors op Network Flow
is also defined as
class

Network Intrusion Prevention ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1031

belongs to
ATTACK Mitigation c
has facts
related op Inbound Traffic Filtering
related op Network Traffic Analysis
related op Outbound Traffic Filtering

Network Isolation ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkIsolation

belongs to
Defensive Technique c
has facts
enables op Isolate
d3fend-id dp "D3-NI"
is also defined as
class

Network Logon Script ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.003

has facts
modifies op Network Init Script File Resource
is also defined as
class

Network Mapping ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkMapping

belongs to
Defensive Technique c
has facts
enables op Model
d3fend-id dp "D3-NM"
is also defined as
class

Network Node ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkNode

has facts
runs op Operating System
is also defined as
class

Network Node Inventory ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkNodeInventory

belongs to
Asset Inventory c
has facts
inventories op Network Node
kb-reference op Reference - IEEE Standard for Local and Metropolitan Area Networks - Station and Media Access Control Connectivity Discovery
kb-reference op Reference - Qualys Network Passive Sensor Getting Started Guide
kb-reference op Reference - An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks
kb-reference op Reference - Web-Based Enterprise Management
kb-reference op Reference - Windows Management Infrastructure (MI)
kb-reference op Reference - Windows Management Instrumentation (WMI)
d3fend-id dp "D3-NNI"
is also defined as
class

Network Protocol Analyzer ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkProtocolAnalyzer

has facts
monitors op Network Traffic
is also defined as
class

Network Resource Access ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkResourceAccess

has facts
accesses op Network Resource
accesses op Resource
is also defined as
class

Network Segmentation ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1030

belongs to
ATTACK Mitigation c
has facts
related op Broadcast Domain Isolation
related op Encrypted Tunnels
related op Inbound Session Volume Analysis
related op Inbound Traffic Filtering

Network Session ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkSession

has facts
contains op Network Packet
is also defined as
class

Network Share Connection Removal ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.005

has facts
unmounts op Network File Share Resource
is also defined as
class

Network Sniffing ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1040

has facts
may-produce op DNS Lookup
is also defined as
class

Network Traffic ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic

has facts
may-contain op Domain Name
originates-from op Physical Location
is also defined as
class

Network Traffic Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficAnalysis

belongs to
Defensive Technique c
has facts
enables op Detect
d3fend-id dp "D3-NTA"
is also defined as
class

Network Traffic Analysis Software ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficAnalysisSoftware

belongs to
Digital Artifact c
is also defined as
class

Network Traffic Community Deviation ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficCommunityDeviation

belongs to
Network Traffic Analysis c
has facts
analyzes op Network Traffic
kb-reference op Reference - System for implementing threat detection using daily network traffic community outliers - VECTRA NETWORKS Inc
d3fend-id dp "D3-NTCD"
is also defined as
class

Network Traffic Filtering ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficFiltering

belongs to
Network Isolation c
has facts
filters op Network Traffic
kb-reference op Reference - Active firewall system and methodology - McAfee LLC
kb-reference op Reference - Automatically generating rules for connection security - Microsoft
kb-reference op Reference - FWTK - Firewall Toolkit
kb-reference op Reference - Firewall for internet access - Secure Computing LLC
kb-reference op Reference - Firewall for processing a connectionless network packet - National Security Agency
kb-reference op Reference - Firewall for processing connection-oriented and connectionless datagrams over a connection-oriented network - National Security Agency
kb-reference op Reference - Firewalls that filter based upon protocol commands - Intel Corp
kb-reference op Reference - Method for controlling computer network security - Checkpoint Software Technologies Ltd
kb-reference op Reference - Network firewall with proxy - Secure Computing LLC
d3fend-id dp "D3-NTF"
is also defined as
class

Network Traffic Policy Mapping ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficPolicyMapping

belongs to
Network Mapping c
has facts
kb-reference op Reference - Cisco ASR 9000 Series Aggregation Services Routers - Access List Commands
maps op Access Control Configuration
queries op Network Agent
d3fend-id dp "D3-NTPM"
is also defined as
class

Network Vulnerability Assessment ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkVulnerabilityAssessment

belongs to
Network Mapping c
has facts
evaluates op Network
identifies op vulnerability
d3fend-id dp "D3-NVA"
is also defined as
class

NIST SP 800-53 R3 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R3

belongs to
NIST SP 800-53 Control Catalog c
has facts
archived-at dp "https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/archive/2013-04-30"^^anyURI
version dp "3"^^integer

NIST SP 800-53 R4 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R4

belongs to
NIST SP 800-53 Control Catalog c
has facts
archived-at dp "https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/archive/2013-04-30"^^anyURI
version dp "4"^^integer

NIST SP 800-53 R5 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5

belongs to
NIST SP 800-53 Control Catalog c
has facts
has-member op AC-17(8)
has-member op AC-23
has-member op AC-24
has-member op AC-24(1)
has-member op AC-24(2)
has-member op AC-2(1)
has-member op AC-2(13)
has-member op AC-2(2)
has-member op AC-2(3)
has-member op AC-2(4)
has-member op AC-2(5)
has-member op AC-2(6)
has-member op AC-2(7)
has-member op AC-2(9)
has-member op AC-3
has-member op AC-3(11)
has-member op AC-3(13)
has-member op AC-3(3)
has-member op AC-3(7)
has-member op AC-3(8)
has-member op AC-4
has-member op AC-4(1)
has-member op AC-4(10)
has-member op AC-4(11)
has-member op AC-4(12)
has-member op AC-4(13)
has-member op AC-4(14)
has-member op AC-4(15)
has-member op AC-4(17)
has-member op AC-4(19)
has-member op AC-4(20)
has-member op AC-4(21)
has-member op AC-4(26)
has-member op AC-4(27)
has-member op AC-4(28)
has-member op AC-4(29)
has-member op AC-4(3)
has-member op AC-4(30)
has-member op AC-4(32)
has-member op AC-4(4)
has-member op AC-4(5)
has-member op AC-4(6)
has-member op AC-4(8)
has-member op AC-5
has-member op AC-6
has-member op AC-6(1)
has-member op AC-6(10)
has-member op AC-6(3)
has-member op AC-6(4)
has-member op AC-6(5)
has-member op AC-6(6)
has-member op AC-6(9)
has-member op AC-7
has-member op AC-7(3)
has-member op AC-7(4)
has-member op AU-10(5)
has-member op AU-14(2)
has-member op AU-15
has-member op AU-2
has-member op AU-2(1)
has-member op AU-2(2)
has-member op AU-3
has-member op AU-4
has-member op CM-14
has-member op CM-5
has-member op CM-5(1)
has-member op CM-5(3)
has-member op CM-5(5)
has-member op CM-5(6)
has-member op CM-6(3)
has-member op IA-2(1)
has-member op IA-2(2)
has-member op IA-2(4)
has-member op IA-2(6)
has-member op IR-4(12)
has-member op IR-4(13)
has-member op MA-3(3)
has-member op MA-3(4)
has-member op MA-3(5)
has-member op MA-3(6)
has-member op MA-4(1)
has-member op MA-6
has-member op MA-6(1)
has-member op MA-6(2)
has-member op MA-6(3)
has-member op RA-3(3)
has-member op RA-3(4)
has-member op RA-5
has-member op RA-5(2)
has-member op RA-5(3)
has-member op RA-5(4)
has-member op RA-5(5)
has-member op RA-5(6)
has-member op RA-5(7)
has-member op SA-10(1)
has-member op SA-10(3)
has-member op SA-10(4)
has-member op SA-10(5)
has-member op SA-10(6)
has-member op SA-11(1)
has-member op SA-11(8)
has-member op SA-8(18)
has-member op SA-8(22)
has-member op SC-2
has-member op SC-2(1)
has-member op SC-3
has-member op SC-3(1)
has-member op SI-2(4)
has-member op SI-2(5)
has-member op SI-2(6)
has-member op SI-3
has-member op SI-3(10)
has-member op SI-3(4)
has-member op SI-3(8)
has-member op SI-4
has-member op SI-4(2)
has-member op SI-4(4)
archived-at dp "https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final"^^anyURI
version dp "5"^^integer

Non-Application Layer Protocol ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1095

has facts
produces op Outbound Internet Network Traffic
is also defined as
class

non-real-time-analytic ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#non-real-time-analytic

belongs to
Analytic Latency c

non-real-time-eviction ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#non-real-time-eviction

belongs to
Eviction Latency c

Non-Standard Port ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1571

has facts
produces op Outbound Internet Network Traffic
is also defined as
class

NTDS ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.003

has facts
accesses op Encrypted Credential
is also defined as
class

NTFS File Attributes ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.004

has facts
modifies op File System Metadata
is also defined as
class

NULL Pointer Dereference ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-476

has facts
weakness of op Pointer Dereferencing Function
is also defined as
class

Office Template Macros ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.001

has facts
may-add op Executable Script
may-modify op Executable Script
may-modify op System Configuration Database Record
is also defined as
class

Office Test ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.002

has facts
modifies op System Configuration Database Record
is also defined as
class

One-time Password ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#One-timePassword

belongs to
Credential Hardening c
has facts
authenticates op User Account
kb-reference op Reference - RFC 2289 - A One-Time Password System
use-limits op Password
d3fend-id dp "D3-OTP"
is also defined as
class

Open File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OpenFile

has facts
accesses op File
is also defined as
class

Operating System ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystem

has facts
contains op Kernel
contains op System Service Software
may-contain op Operating System Configuration Component
is also defined as
class

Operating System Configuration ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1028

belongs to
ATTACK Mitigation c
has facts
related op Platform Hardening

Operating System Monitoring ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemMonitoring

belongs to
Platform Monitoring c
has facts
enables op Detect
kb-reference op Reference - Host intrusion prevention system using software and user behavior analysis - Sophos Ltd
kb-reference op Reference - CAR-2016-04-002: User Activity from Clearing Event Logs - MITRE
d3fend-id dp "D3-OSM"
is also defined as
class

Operational Activity Mapping ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperationalActivityMapping

belongs to
Defensive Technique c
has facts
enables op Model
kb-reference op Reference - Catia UAF Plugin
d3fend-id dp "D3-OAM"
is also defined as
class

Operational Dependency Mapping ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperationalDependencyMapping

belongs to
Operational Activity Mapping c
has facts
kb-reference op Reference - Catia UAF Plugin
kb-reference op Reference - Cyber Command System (CYCS)
kb-reference op Reference - Dagger Fact Sheet
kb-reference op Reference - Dagger: Modeling and visualization for mission impact situational awareness
kb-reference op Reference - Mission Dependency Modeling for Cyber Situational Awareness
kb-reference op Reference - Unified Architecture Framework (UAF)
maps op Dependency
maps op Organizational Activity
d3fend-id dp "D3-ODM"
is also defined as
class

Operational Risk Assessment ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperationalRiskAssessment

belongs to
Operational Activity Mapping c
has facts
evaluates op Organization
identifies op vulnerability
kb-reference op Reference - MGT516: Managing Security Vulnerabilities: Enterprise and Cloud
kb-reference op Reference - NIST RMF Quick Start Guide - Assess Step - Frequently Asked Questions (FAQ)
kb-reference op Reference - NIST Special Publication 800-160 Volume 1 - System Security Engineering
kb-reference op Reference - NIST Special Publication 800-37 Revision 2 - Risk Management Framework for Information Systems and Organizations
kb-reference op Reference - NIST Special Publication 800-53A Revision 5 - Assessing Security and Privacy Controls in Information Systems and Organizations
kb-reference op Reference - NISTIR 8011 Volume 1 - Automation Support for Security Control Assessments
d3fend-id dp "D3-ORA"
is also defined as
class

Orchestration Controller ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrchestrationController

has facts
contains op Container Orchestration Software
is also defined as
class

Organization Mapping ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrganizationMapping

belongs to
Operational Activity Mapping c
has facts
kb-reference op Reference - Catia UAF Plugin
kb-reference op Reference - Organizational Management in SAP ERP HCM
kb-reference op Reference - Unified Architecture Framework (UAF)
maps op Dependency
maps op Organization
maps op Person
may-map op Organizational Activity
d3fend-id dp "D3-OM"
is also defined as
class

OS Credential Dumping ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003

has facts
accesses op Credential
is also defined as
class

Out-of-bounds Read ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-125

has facts
weakness of op Raw Memory Access Function
is also defined as
class

Out-of-bounds Write ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-787

has facts
weakness of op Raw Memory Access Function
is also defined as
class

Outbound Internet DNS Lookup Traffic ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetDNSLookupTraffic

has facts
may-contain op DNS Lookup
is also defined as
class

Outbound Internet File Transfer Traffic ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetFileTransferTraffic

has facts
contains op File
is also defined as
class

Outbound Internet Web Traffic ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetWebTraffic

has facts
may-contain op URL
is also defined as
class

Outbound Traffic Filtering ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundTrafficFiltering

belongs to
Network Traffic Filtering c
has facts
filters op Outbound Network Traffic
kb-reference op Reference - Automatically generating rules for connection security - Microsoft
d3fend-id dp "D3-OTF"
is also defined as
class

Outlook Forms ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.003

has facts
adds op Office Application File
is also defined as
class

Outlook Home Page ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.004

has facts
modifies op Application Configuration Database
is also defined as
class

Outlook Rules ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.005

has facts
modifies op Application Configuration Database
is also defined as
class

Packet Log ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PacketLog

has facts
records op Network Session
is also defined as
class

Page Frame ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PageFrame

has facts
contained-by op Primary Storage
is also defined as
class

Page Table ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PageTable

has facts
contains op Physical Address
contains op Virtual Address
is also defined as
class

Parent PID Spoofing ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.004

has facts
invokes op Create Process
is also defined as
class

Partition Table ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PartitionTable

has facts
addresses op Partition
is also defined as
class

Pass The Hash ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.002

has facts
creates op Authentication
is also defined as
class

Pass The Ticket ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.003

has facts
creates op Authentication
is also defined as
class

Passive Certificate Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PassiveCertificateAnalysis

belongs to
Certificate Analysis c
Passive Certificate Analysis c
has facts
kb-reference op Reference - Certificate Transparency
kb-reference op Reference - StreamingPhish
d3fend-id dp "D3-PCA"
is also defined as
class

Passive Logical Link Mapping ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PassiveLogicalLinkMapping

belongs to
Logical Link Mapping c
has facts
kb-reference op Reference - Tenable Passive Network Monitoring
d3fend-id dp "D3-PLLM"
is also defined as
class

Passive Physical Link Mapping ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PassivePhysicalLinkMapping

belongs to
Physical Link Mapping c
is disjoint with
Active Physical Link Mapping
has facts
d3fend-id dp "D3-PPLM"
is also defined as
class

Password Cracking ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.002

has facts
accesses op Password
is also defined as
class

Password Filter DLL ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.002

has facts
creates op Shared Library File
modifies op System Configuration Database Record
is also defined as
class

Password Guessing ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.001

has facts
accesses op Password
modifies op Authentication Log
produces op Authentication
is also defined as
class

Password Policies ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1027

belongs to
ATTACK Mitigation c
has facts
related op One-time Password
related op Strong Password Policy

Password Spraying ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.003

has facts
accesses op Password
may-create op Intranet Administrative Network Traffic
modifies op Authentication Log
produces op Authentication
is also defined as
class

Patent ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Patent

belongs to
Reference Type c
is also defined as
class

Path Interception by PATH Environment Variable ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.007

has facts
creates op Executable File
is also defined as
class

Path Interception by Search Order Hijacking ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.008

has facts
creates op Executable File
is also defined as
class

Path Interception by Unquoted Path ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.009

has facts
creates op Executable File
is also defined as
class

PE32 Executable File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PE32ExecutableFile

belongs to
Executable Binary c

PE32+ Executable File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PE32PLUSExecutableFile

belongs to
Executable Binary c

Per Host Download-Upload Ratio Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PerHostDownload-UploadRatioAnalysis

belongs to
Network Traffic Analysis c
has facts
analyzes op Network Traffic
kb-reference op Reference - System for detecting threats using scenario-based tracking of internal and external network traffic - VECTRA NETWORKS Inc
d3fend-id dp "D3-PHDURA"
is also defined as
class

Peripheral Firmware Verification ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PeripheralFirmwareVerification

belongs to
Firmware Verification c
has facts
kb-reference op Reference - Firmware Verification Eclypsium
kb-reference op Reference - Firmware Verification Trapezoid
verifies op Peripheral Firmware
d3fend-id dp "D3-PFV"
is also defined as
class

Persistence ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Persistence

belongs to
Offensive Tactic c
is also defined as
class

Persistence Technique ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PersistenceTechnique

has facts
enables op Persistence
is also defined as
class

Physical Link Mapping ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PhysicalLinkMapping

belongs to
Network Mapping c
has facts
kb-reference op Reference - Libre NMS - Network Map Extension
maps op Network Node
maps op Physical Link
d3fend-id dp "D3-PLM"
is also defined as
class

Platform ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Platform

has facts
contains op Firmware
contains op Hardware Device
contains op Operating System
is also defined as
class

Platform Hardening ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PlatformHardening

belongs to
Defensive Technique c
has facts
enables op Harden
d3fend-id dp "D3-PH"
is also defined as
class

Platform Monitoring ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PlatformMonitoring

belongs to
Defensive Technique c
has facts
enables op Detect
d3fend-id dp "D3-PM"
is also defined as
class

Plist Modification ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.011

has facts
modifies op Application Configuration File
is also defined as
class

Pluggable Authentication Modules ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.003

has facts
may-modify op Operating System Configuration File
may-modify op Operating System Shared Library File
is also defined as
class

Pointer Authentication ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PointerAuthentication

belongs to
Application Hardening c
has facts
authenticates op Pointer
kb-reference op Reference - Pointer Authentication on ARMv8.3
kb-reference op Reference - Pointer Authentication Project Zero
d3fend-id dp "D3-PAN"
is also defined as
class

Pointer Dereferencing Function ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PointerDereferencingFunction

has facts
addresses op Memory Block
addresses op Pointer
is also defined as
class

Port Knocking ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1205.001

has facts
produces op Network Traffic
is also defined as
class

Port Monitors ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.010

has facts
modifies op System Configuration Database Record
is also defined as
class

Portable Executable Injection ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.002

has facts
may-add op Object File
is also defined as
class

PowerShell Profile ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.013

has facts
modifies op PowerShell Profile Script
is also defined as
class

Powershell Script File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PowershellScriptFile

belongs to
Executable Script c

Pre-compromise ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1056

belongs to
ATTACK Mitigation c
has facts
related op Decoy Environment
related op Decoy Object

Primary Storage ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrimaryStorage

has facts
contains op Page Frame
contains op Process Segment
is also defined as
class

Private Keys ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.004

has facts
accesses op Private Key
is also defined as
class

Privilege Escalation ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrivilegeEscalation

belongs to
Offensive Tactic c
is also defined as
class

Privilege Escalation Technique ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrivilegeEscalationTechnique

has facts
enables op Privilege Escalation
is also defined as
class

Privileged Account Management ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1026

belongs to
ATTACK Mitigation c
has facts
related op Domain Account Monitoring
related op Local Account Monitoring
related op Strong Password Policy

Privileged Process Integrity ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1025

belongs to
ATTACK Mitigation c
has facts
related op Bootloader Authentication
related op Driver Load Integrity Checking
related op Mandatory Access Control
related op Process Segment Execution Prevention

Proc Filesystem ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.007

has facts
accesses op Operating System File
accesses op Process Image
is also defined as
class

Proc Memory ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.009

has facts
accesses op Operating System File
may-modify op Operating System File
is also defined as
class

Procedure 1 - T1134.001 Access Token Manipulation ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#procedure-1

belongs to
procedure c
has facts
implements op Token Impersonation/Theft
start op Step 1 - Copy Token

Process ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Process

has facts
contains op Process Image
instructed-by op Software
may-execute op Thread
process-image-path op Executable Binary
process-user op User Account
uses op Resource
is also defined as
class

Process Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessAnalysis

belongs to
Defensive Technique c
has facts
enables op Detect
d3fend-id dp "D3-PA"
is also defined as
class

Process Code Segment ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessCodeSegment

has facts
contains op Subroutine
may-contain op Process Segment
is also defined as
class

Process Code Segment Verification ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessCodeSegmentVerification

belongs to
Process Analysis c
has facts
kb-reference op Reference - Anti-tamper system with self-adjusting guards - ARXAN TECHNOLOGIES Inc
kb-reference op Reference - Guards for application in software tamperproofing - Purdue Research Foundation
kb-reference op Reference - System and method for detecting malware injected into memory of a computing device - Endgame Inc
kb-reference op Reference - System and method for validating in-memory integrity of executable files to identify malicious activity - Endgame Inc
kb-reference op Reference - Tamper proof mutating software - ARXAN TECHNOLOGIES Inc
kb-reference op Reference - Threat detection through the accumulated detection of threat characteristics - Sophos Ltd
verifies op Process Code Segment
d3fend-id dp "D3-PCSV"
is also defined as
class

Process Discovery ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1057

has facts
may-invoke op Create Process
may-invoke op Get Running Processes
is also defined as
class

Process Doppelgänging ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.013

has facts
invokes op Create Process
is also defined as
class

Process Eviction ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessEviction

belongs to
Defensive Technique c
has facts
enables op Evict
d3fend-id dp "D3-PE"
is also defined as
class

Process Hollowing ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.012

has facts
modifies op Process Code Segment
is also defined as
class

Process Image ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessImage

has facts
contains op Process Segment
is also defined as
class

Process Lineage Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessLineageAnalysis

belongs to
Process Spawn Analysis c
has facts
analyzes op Process
analyzes op Process Tree
kb-reference op Reference - CAR-2014-11-008: Command Launched from WinLogon - MITRE
kb-reference op Reference - CAR-2014-11-003: Debuggers for Accessibility Applications - MITRE
kb-reference op Reference - CAR-2019-04-002: Generic Regsvr32 - MITRE
kb-reference op Reference - CAR-2014-11-002: Outlier Parents of Cmd - MITRE
kb-reference op Reference - CAR-2013-02-003: Processes Spawning cmd.exe - MITRE
kb-reference op Reference - CAR-2013-04-002: Quick execution of a series of suspicious commands - MITRE
kb-reference op Reference - CAR-2013-03-001: Reg.exe called from Command Shell - MITRE
kb-reference op Reference - CAR-2014-12-001: Remotely Launched Executables via WMI - MITRE
kb-reference op Reference - CAR-2013-09-005: Service Outlier Executables - MITRE
kb-reference op Reference - CAR-2014-07-001: Service Search Path Interception - MITRE
kb-reference op Reference - CAR-2014-05-002: Services launching Cmd - MITRE
kb-reference op Reference - System and methods thereof for causality identification and attributions determination of processes in a network - Palo Alto Networks IncCyber Secdo Ltd
kb-reference op Reference - System and methods thereof for identification of suspicious system processes - Palo Alto Networks Inc
kb-reference op Reference - CAR-2019-04-001: UAC Bypass - MITRE
kb-reference op Reference - CAR-2020-11-002: Local Network Sniffing - MITRE
kb-reference op Reference - CAR-2020-11-004: Processes Started From Irregular Parent - MITRE
kb-reference op Reference - CAR-2021-02-002: Get System Elevation - MITRE
kb-reference op Reference - CAR-2021-05-003: BCDEdit Failure Recovery Modification - MITRE
d3fend-id dp "D3-PLA"
is also defined as
class

Process Segment Execution Preventionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSegmentExecutionPrevention

belongs to
Application Hardening c
has facts
kb-reference op Reference - Mitigate threats by using Windows 10 security features: Data Execution Prevention - Microsoft
kb-reference op Reference - What is NX/XD feature?
neutralizes op Process Segment
d3fend-id dp "D3-PSEP"
is also defined as
class

Process Self-Modification Detectionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSelf-ModificationDetection

belongs to
Process Analysis c
has facts
analyzes op Process
kb-reference op Reference - System and Method for Process Hollowing Detection - Carbon Black Inc
d3fend-id dp "D3-PSMD"
is also defined as
class

Process Spawn Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSpawnAnalysis

belongs to
Process Analysis c
has facts
analyzes op Create Process
analyzes op Process
kb-reference op Reference - CAR-2019-08-002: Active Directory Dumping via NTDSUtil - MITRE
kb-reference op Reference - CAR-2013-07-005: Command Line Usage of Archiving Software - MITRE
kb-reference op Reference - CAR-2016-03-002: Create Remote Process via WMIC - MITRE
kb-reference op Reference - CAR-2019-04-004: Credential Dumping via Mimikatz - MITRE
kb-reference op Reference - CAR-2016-03-001: Host Discovery Commands - MITRE
kb-reference op Reference - CAR-2019-07-002: Lsass Process Dump via Procdump - MITRE
kb-reference op Reference - CAR-2014-04-003: Powershell Execution - MITRE
kb-reference op Reference - CAR-2014-03-006: RunDLL32.exe monitoring - MITRE
kb-reference op Reference - CAR-2019-04-003: Squiblydoo - MITRE
kb-reference op Reference - CAR-2013-07-001: Suspicious Arguments - MITRE
kb-reference op Reference - CAR-2013-05-002: Suspicious Run Locations - MITRE
kb-reference op Reference - CAR-2020-04-001: Shadow Copy Deletion - MITRE
kb-reference op Reference - CAR-2020-05-003: Rare LolBAS Command Lines - MITRE
kb-reference op Reference - CAR-2020-08-001: NTFS Alternate Data Stream Execution - System Utilities - MITRE
kb-reference op Reference - CAR-2020-09-003: Indicator Blocking - Driver Unloaded - MITRE
kb-reference op Reference - CAR-2020-09-004: Credentials in Files & Registry - MITRE
kb-reference op Reference - CAR-2020-11-001: Boot or Logon Initialization Scripts - MITRE
kb-reference op Reference - CAR-2020-11-003: DLL Injection with Mavinject - MITRE
kb-reference op Reference - CAR-2020-11-005: Clear Powershell Console Command History - MITRE
kb-reference op Reference - CAR-2020-11-006: Local Permission Group Discovery - MITRE
kb-reference op Reference - CAR-2020-11-007: Network Share Connection Removal - MITRE
kb-reference op Reference - CAR-2020-11-008: MSBuild and msxsl - MITRE
kb-reference op Reference - CAR-2020-11-009: Compiled HTML Access - MITRE
kb-reference op Reference - CAR-2021-01-002: Unusually Long Command Line Strings - MITRE
kb-reference op Reference - CAR-2021-01-003: Clearing Windows Logs with Wevtutil - MITRE
kb-reference op Reference - CAR-2021-01-004: Unusual Child Process for Spoolsv.Exe or Connhost.Exe - MITRE
kb-reference op Reference - CAR-2021-01-006: Unusual Child Process spawned using DDE exploit - MITRE
kb-reference op Reference - CAR-2021-01-007: Detecting Tampering of Windows Defender Command Prompt - MITRE
kb-reference op Reference - CAR-2021-01-008: Disable UAC - MITRE
kb-reference op Reference - CAR-2021-01-009: Detecting Shadow Copy Deletion via Vssadmin.exe - MITRE
kb-reference op Reference - CAR-2021-02-001: Webshell-Indicative Process Tree - MITRE
kb-reference op Reference - CAR-2021-04-001: Common Windows Process Masquerading - MITRE
kb-reference op Reference - CAR-2021-05-001: Attempt To Add Certificate To Untrusted Store - MITRE
kb-reference op Reference - CAR-2021-05-002: Batch File Write to System32 - MITRE
kb-reference op Reference - CAR-2021-05-003: BCDEdit Failure Recovery Modification - MITRE
kb-reference op Reference - CAR-2021-05-004: BITS Job Persistence - MITRE
kb-reference op Reference - CAR-2021-05-005: BITSAdmin Download File - MITRE
kb-reference op Reference - CAR-2021-05-006: CertUtil Download With URLCache and Split Arguments - MITRE
kb-reference op Reference - CAR-2021-05-007: CertUtil Download With VerifyCtl and Split Arguments - MITRE
kb-reference op Reference - CAR-2021-05-008: Certutil exe certificate extraction - MITRE
kb-reference op Reference - CAR-2021-05-009: CertUtil With Decode Argument - MITRE
kb-reference op Reference - CAR-2021-05-010: Create local admin accounts using net exe - MITRE
d3fend-id dp "D3-PSA"
is also defined as
class

Process Start Functionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessStartFunction

has facts
invokes op Create Process
is also defined as
class

Process Suspensionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSuspension

belongs to
Process Eviction c
has facts
kb-reference op Reference - PsSuspend - Microsoft
suspends op Process
d3fend-id dp "D3-PS"
is also defined as
class

Process Terminationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessTermination

belongs to
Process Eviction c
has facts
kb-reference op Reference - Instant process termination tool to recover control of an information handling system - Dell Products LP
kb-reference op Reference - Malware detection using local computational models - Crowdstrike Inc
terminates op Process
d3fend-id dp "D3-PT"
is also defined as
class

Process Treeni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessTree

has facts
contains op Process
is also defined as
class

Processor Cache Memoryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CacheMemory

has facts
accessed-by op Central Processing Unit
may-contain op Process Segment
modifies op Processor Cache Memory
is also defined as
class

Processor Registerni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessorRegister

has facts
contained-by op Central Processing Unit
is also defined as
class

Protocol Metadata Anomaly Detectionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProtocolMetadataAnomalyDetection

belongs to
Network Traffic Analysis c
has facts
analyzes op Network Traffic
kb-reference op Reference - Method and system for detecting threats using metadata vectors - VECTRA NETWORKS Inc
kb-reference op Reference - Method and system for detecting threats using passive cluster mapping - Vectra Networks Inc
kb-reference op Reference - System for implementing threat detection using daily network traffic community outliers - VECTRA NETWORKS Inc
d3fend-id dp "D3-PMAD"
is also defined as
class

Protocol Tunnelingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1572

has facts
produces op Outbound Internet Network Traffic
is also defined as
class

Ptrace System Callsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.008

has facts
invokes op System Call
is also defined as
class

Query Registryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1012

has facts
accesses op System Configuration Database
may-invoke op Get System Config Value
is also defined as
class

RA-3(3)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-3_3

belongs to
NIST Control c
has facts
broader op File Analysis
broader op Identifier Analysis
broader op Message Analysis
broader op Network Traffic Analysis
broader op Platform Monitoring
broader op Process Analysis
broader op User Behavior Analysis
member-of op NIST SP 800-53 R5
control-name dp "Risk Assessment | Dynamic Threat Awareness"

RA-3(4)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-3_4

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op File Analysis
narrower op Identifier Analysis
narrower op Message Analysis
narrower op Network Traffic Analysis
narrower op Platform Monitoring
narrower op Process Analysis
narrower op User Behavior Analysis
control-name dp "Risk Assessment | Predictive Cyber Analytics"

RA-5ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-5

belongs to
NIST Control c
has facts
broader op Network Traffic Analysis
member-of op NIST SP 800-53 R5
control-name dp "Vulnerability Monitoring and Scanning"

RA-5(2)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-5_2

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Network Traffic Analysis
control-name dp "Vulnerability Monitoring and Scanning | Update Vulnerabilities to Be Scanned"

RA-5(3)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-5_3

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Network Traffic Analysis
control-name dp "Vulnerability Monitoring and Scanning | Breadth and Depth of Coverage"

RA-5(4)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-5_4

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
related op Decoy Environment
related op Decoy Object
control-name dp "Vulnerability Monitoring and Scanning | Discoverable Information"

RA-5(5)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-5_5

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Platform Hardening
control-name dp "Vulnerability Monitoring and Scanning | Privileged Access"

RA-5(6)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-5_6

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Platform Hardening
control-name dp "Vulnerability Monitoring and Scanning | Automated Trend Analyses"

RA-5(7)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-5_7

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Executable Allowlisting
narrower op Executable Denylisting
control-name dp "Vulnerability Monitoring and Scanning | Automated Detection and Notification of Unauthorized Components"

Raw Memory Access Functionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RawMemoryAccessFunction

has facts
accesses op Memory Block
is also defined as
class

Rc.commonni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.004

has facts
modifies op System Init Script
is also defined as
class

RDP Hijackingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1563.002

has facts
accesses op RDP Session
is also defined as
class

Re-opened Applicationsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.007

has facts
modifies op Application Configuration File
is also defined as
class

Read Fileni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReadFile

has facts
reads op File
is also defined as
class

real-time-analyticni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#real-time-analytic

belongs to
Analytic Latency c

real-time-evictionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#real-time-eviction

belongs to
Eviction Latency c

Reconnaissance Techniqueni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReconnaissanceTechnique

has facts
enables op reconnaissance
is also defined as
class

Reference - /DYNAMICBASE (Use address space layout randomization) - Microsoft Docsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DYNAMICBASE_UseAddressSpaceLayoutRandomization_MicrosoftDocs

belongs to
User Manual Reference c
has facts
kb-reference-of op Segment Address Offset Randomization
has-link dp "https://docs.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=vs-2019"^^anyURI
kb-reference-title dp "/DYNAMICBASE (Use address space layout randomization)"

Reference - /GS (Buffer Security Check) - Microsoft Docsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-GS_BufferSecurityCheck_MicrosoftDocs

belongs to
User Manual Reference c
has facts
kb-reference-of op Stack Frame Canary Validation
has-link dp "https://docs.microsoft.com/en-us/cpp/build/reference/gs-buffer-security-check?view=vs-2019"^^anyURI
kb-reference-title dp "/GS (Buffer Security Check)"

Reference - /SAFESEH (Image has Safe Exception Handlers) - Microsoft Docsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SAFESEH_ImageHasSafeExceptionHandlers_MicrosoftDocs

belongs to
User Manual Reference c
has facts
kb-reference-of op Exception Handler Pointer Validation
has-link dp "https://docs.microsoft.com/en-us/cpp/build/reference/safeseh-image-has-safe-exception-handlers?view=msvc-160"^^anyURI
kb-reference-title dp "/SAFESEH (Image has Safe Exception Handlers)"

Reference - Account monitoring - Forescout Technologiesni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AccountMonitoring_ForescoutTechnologies

belongs to
Patent Reference c
has facts
kb-reference-of op Account Locking
has-link dp "https://patents.google.com/patent/US20190205511A1"^^anyURI
kb-reference-title dp "Account monitoring"

Reference - Active firewall system and methodology - McAfee LLCni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ActiveFirewallSystemAndMethodology_McAfeeLLC

belongs to
Patent Reference c
has facts
kb-reference-of op Inbound Traffic Filtering
has-link dp "https://patents.google.com/patent/US6550012B1"^^anyURI
kb-reference-title dp "Active firewall system and methodology"

Reference - Advanced device matching systemni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AdvancedDeviceMatchingSystem

belongs to
Patent Reference c
has facts
kb-reference-of op Hardware Component Inventory
has-link dp "https://patents.google.com/patent/US10892951B2/"^^anyURI
kb-reference-title dp "Advanced device matching system"

Reference - An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworksni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RFC3411-AnArchitectureForDescribingSimpleNetworkManagementProtocolSNMPManagementFrameworks

belongs to
Specification Reference c
has facts
kb-reference-of op Hardware Component Inventory
has-link dp "https://https://datatracker.ietf.org/doc/html/rfc3411"^^anyURI
kb-reference-title dp "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks"

Reference - Analysis of the Windows Vista Security Model - Symantec Corporationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AnalysisOfTheWindowsVistaSecurityModel_SymantecCorporation

belongs to
Academic Paper Reference c
has facts
kb-reference-of op Mandatory Access Control
has-link dp "https://web.archive.org/web/20140407025337/http://www.symantec.com/avcenter/reference/Windows_Vista_Security_Model_Analysis.pdf"^^anyURI
kb-reference-title dp "Analysis of the Windows Vista Security Model"

Reference - Anomaly Detection Using Adaptive Behavioral Profiles - Securonix Incni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AnomalyDetectionUsingAdaptiveBehavioralProfiles_SecuronixInc

belongs to
Patent Reference c
has facts
kb-reference-of op Job Function Access Pattern Analysis
has-link dp "https://patents.google.com/patent/US20160226901A1"^^anyURI
kb-reference-title dp "Anomaly Detection Using Adaptive Behavioral Profiles"

Reference - Anti-tamper system with self-adjusting guards - ARXAN TECHNOLOGIES Incni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Anti-tamperSystemWithSelf-adjustingGuards_ARXANTECHNOLOGIESInc

belongs to
Patent Reference c
has facts
kb-reference-of op Process Code Segment Verification
has-link dp "https://patents.google.com/patent/US20150052603A1"^^anyURI
kb-reference-title dp "Anti-tamper system with self-adjusting guards"

Reference - Apparatus for to provide content to and query a reverse domain name system server - Barrracuda Networksni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ApparatusForToProvideContentToAndQueryAReverseDomainNameSystemServer

belongs to
Patent Reference c
has facts
kb-reference-of op Reverse Resolution Domain Denylisting
has-link dp "https://patents.google.com/patent/US20100174829A1/en?oq=20100174829"^^anyURI
kb-reference-title dp "Apparatus for to provide content to and query a reverse domain name system server"

Reference - Approaches for securing an internet endpoint using fine-grained operating system virtualization - Bromium, Inc.ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ApproachesForSecuringAnInternetEndpointUsingFine-grainedOperatingSystemVirtualization_Bromium,Inc.

belongs to
Patent Reference c
has facts
kb-reference-of op Hardware-based Process Isolation
has-link dp "https://patents.google.com/patent/US20110296412A1"^^anyURI
kb-reference-title dp "Approaches for securing an internet endpoint using fine-grained operating system virtualization"

Reference - Architecture of transparent network security for application containers - Neuvector Incni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ArchitectureOfTransparentNetworkSecurityForApplicationContainers_NeuvectorInc

belongs to
Patent Reference c
has facts
kb-reference-of op Mandatory Access Control
has-link dp "https://patents.google.com/patent/US20170093922A1"^^anyURI
kb-reference-title dp "Architecture of transparent network security for application containers"

Reference - Audit User Account Managementni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AuditUserAccountManagement

belongs to
Guideline Reference c
has facts
kb-reference-of op Domain Account Monitoring
kb-reference-of op Local Account Monitoring
has-link dp "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-user-account-management"^^anyURI
kb-reference-title dp "Audit User Account Management"

Reference - Automated computer vulnerability resolution systemni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AutomatedComputerVulnerabilityResolutionSystem

belongs to
Patent Reference c
has facts
kb-reference-of op Asset Vulnerability Enumeration
has-link dp "https://patents.google.com/patent/US7308712B2"^^anyURI
kb-reference-title dp "Automated computer vulnerability resolution system"

Reference - Automatically generating network resource groups and assigning customized decoy policies thereto - Illusive Networks Ltdni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AutomaticallyGeneratingNetworkResourceGroupsAndAssigningCustomizedDecoyPoliciesThereto_IllusiveNetworksLtd

belongs to
Patent Reference c
has facts
kb-reference-of op Decoy Network Resource
has-link dp "https://patents.google.com/patent/US20170310689A1"^^anyURI
kb-reference-title dp "Automatically generating network resource groups and assigning customized decoy policies thereto"

Reference - Automatically generating rules for connection security - Microsoftni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AutomaticallyGeneratingRulesForConnectionSecurity_Microsoft

belongs to
Patent Reference c
has facts
kb-reference-of op Inbound Traffic Filtering
kb-reference-of op Outbound Traffic Filtering
has-link dp "https://patents.google.com/patent/US20120054825"^^anyURI
kb-reference-title dp "Automatically generating rules for connection security"

Reference - Biometric Challenge-Response Authentication - Accentureni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-BiometricChallenge-ResponseAuthentication-Accenture

belongs to
Patent Reference c
has facts
kb-reference-of op Multi-factor Authentication
has-link dp "https://www.patentguru.com/US2021110015A1"^^anyURI
kb-reference-title dp "Biometric Challenge-Response Authentication"

Reference - Broadcast isolation and level 3 network switch - Hewlett Packard Enterprise Development LPni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-BroadcastIsolationAndLevel3NetworkSwitch_HewlettPackardEnterpriseDevelopmentLP

belongs to
Patent Reference c
has facts
kb-reference-of op Broadcast Domain Isolation
has-link dp "https://patents.google.com/patent/US5920699A"^^anyURI
kb-reference-title dp "Broadcast isolation and level 3 network switch"

Reference - CAR-2013-01-002: Autorun Differences - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AutorunDifferences_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op System File Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2013-01-002/"^^anyURI
kb-reference-title dp "CAR-2013-01-002: Autorun Differences"

Reference - CAR-2013-01-003: SMB Events Monitoring - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SMBEventsMonitoring_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op IPC Traffic Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2013-01-003/"^^anyURI
kb-reference-title dp "CAR-2013-01-003: SMB Events Monitoring"

Reference - CAR-2013-02-003: Processes Spawning cmd.exe - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ProcessesSpawningCmd.exe_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Lineage Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2013-02-003/"^^anyURI
kb-reference-title dp "CAR-2013-02-003: Processes Spawning cmd.exe"

Reference - CAR-2013-02-008: Simultaneous Logins on a Host - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SimultaneousLoginsOnAHost_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Authentication Event Thresholding
has-link dp "https://car.mitre.org/analytics/CAR-2013-02-008/"^^anyURI
kb-reference-title dp "CAR-2013-02-008: Simultaneous Logins on a Host"

Reference - CAR-2013-02-012: User Logged in to Multiple Hosts - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UserLoggedInToMultipleHosts_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Authentication Event Thresholding
kb-reference-of op Authorization Event Thresholding
has-link dp "https://car.mitre.org/analytics/CAR-2013-02-012/"^^anyURI
kb-reference-title dp "CAR-2013-02-012: User Logged in to Multiple Hosts"

Reference - CAR-2013-03-001: Reg.exe called from Command Shell - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Reg.exeCalledFromCommandShell_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Lineage Analysis
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2013-03-001/"^^anyURI
kb-reference-title dp "CAR-2013-03-001: Reg.exe called from Command Shell"

Reference - CAR-2013-04-002: Quick execution of a series of suspicious commands - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-QuickExecutionOfASeriesOfSuspiciousCommands_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Lineage Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2013-04-002/"^^anyURI
kb-reference-title dp "CAR-2013-04-002: Quick execution of a series of suspicious commands"

Reference - CAR-2013-05-002: Suspicious Run Locations - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SuspiciousRunLocations_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2013-05-002/"^^anyURI
kb-reference-title dp "CAR-2013-05-002: Suspicious Run Locations"

Reference - CAR-2013-05-003: SMB Write Request - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SMBWriteRequest_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op IPC Traffic Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2013-05-003/"^^anyURI
kb-reference-title dp "CAR-2013-05-003: SMB Write Request"

Reference - CAR-2013-05-004: Execution with AT - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ExecutionWithAT_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Scheduled Job Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2013-05-004/"^^anyURI
kb-reference-title dp "CAR-2013-05-004: Execution with AT"

Reference - CAR-2013-05-005: SMB Copy and Execution - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SMBCopyAndExecution_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op IPC Traffic Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2013-05-005/"^^anyURI
kb-reference-title dp "CAR-2013-05-005: SMB Copy and Execution"

Reference - CAR-2013-07-001: Suspicious Arguments - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SuspiciousArguments_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2013-07-001/"^^anyURI
kb-reference-title dp "CAR-2013-07-001: Suspicious Arguments"

Reference - CAR-2013-07-002: RDP Connection Detection - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RDPConnectionDetection_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Remote Terminal Session Detection
has-link dp "https://car.mitre.org/analytics/CAR-2013-07-002"^^anyURI
kb-reference-title dp "CAR-2013-07-002: RDP Connection Detection"

Reference - CAR-2013-07-005: Command Line Usage of Archiving Software - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CommandLineUsageOfArchivingSoftware_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2013-07-005/"^^anyURI
kb-reference-title dp "CAR-2013-07-005: Command Line Usage of Archiving Software"

Reference - CAR-2013-08-001: Execution with schtasks - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ExecutionWithSchtasks_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Scheduled Job Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2013-08-001/"^^anyURI
kb-reference-title dp "CAR-2013-08-001: Execution with schtasks"

Reference - CAR-2013-09-003: SMB Session Setups - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SMBSessionSetups_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Authorization Event Thresholding
kb-reference-of op IPC Traffic Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2013-09-003/"^^anyURI
kb-reference-title dp "CAR-2013-09-003: SMB Session Setups"

Reference - CAR-2013-09-005: Service Outlier Executables - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ServiceOutlierExecutables_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Lineage Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2013-09-005/"^^anyURI
kb-reference-title dp "CAR-2013-09-005: Service Outlier Executables"

Reference - CAR-2013-10-001: User Login Activity Monitoring - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UserLoginActivityMonitoring_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Authentication Event Thresholding
has-link dp "https://car.mitre.org/analytics/CAR-2013-10-001/"^^anyURI
kb-reference-title dp "CAR-2013-10-001: User Login Activity Monitoring"

Reference - CAR-2013-10-002: DLL Injection via Load Library - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DLLInjectionViaLoadLibrary_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op System Call Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2013-10-002/"^^anyURI
kb-reference-title dp "CAR-2013-10-002: DLL Injection via Load Library"

Reference - CAR-2014-02-001: Service Binary Modifications - MITREni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ServiceBinaryModifications_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Service Binary Verification
has-link dp "https://car.mitre.org/analytics/CAR-2014-02-001/"^^anyURI
kb-reference-title dp "CAR-2014-02-001: Service Binary Modifications"

Reference - CAR-2014-03-001: SMB Write Request - NamedPipes - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SMBWriteRequest-NamedPipes_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op IPC Traffic Analysis
kb-reference-of op RPC Traffic Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2014-03-001/"^^anyURI
kb-reference-title dp "CAR-2014-03-001: SMB Write Request - NamedPipes"

Reference - CAR-2014-03-005: Remotely Launched Executables via Services - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RemotelyLaunchedExecutablesViaServices_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op RPC Traffic Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2014-03-005/"^^anyURI
kb-reference-title dp "CAR-2014-03-005: Remotely Launched Executables via Services"

Reference - CAR-2014-03-006: RunDLL32.exe monitoring - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RunDLL32.exeMonitoring_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2014-03-006/"^^anyURI
kb-reference-title dp "CAR-2014-03-006: RunDLL32.exe monitoring"

Reference - CAR-2014-04-003: Powershell Execution - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PowershellExecution_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2014-04-003/"^^anyURI
kb-reference-title dp "CAR-2014-04-003: Powershell Execution"

Reference - CAR-2014-05-001: RPC Activity - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2014-05-001%3ARPCActivity_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op RPC Traffic Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2014-05-001/"^^anyURI
kb-reference-title dp "CAR-2014-05-001: RPC Activity"

Reference - CAR-2014-05-002: Services launching Cmd - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ServicesLaunchingCmd_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Lineage Analysis
has-link dp ""^^anyURI
kb-reference-title dp "CAR-2014-05-002: Services launching Cmd"

Reference - CAR-2014-07-001: Service Search Path Interception - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ServiceSearchPathInterception_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Lineage Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2014-07-001/"^^anyURI
kb-reference-title dp "CAR-2014-07-001: Service Search Path Interception"

Reference - CAR-2014-11-002: Outlier Parents of Cmd - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-OutlierParentsOfCmd_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Lineage Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2014-11-002/"^^anyURI
kb-reference-title dp "CAR-2014-11-002: Outlier Parents of Cmd"

Reference - CAR-2014-11-003: Debuggers for Accessibility Applications - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DebuggersForAccessibilityApplications_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Lineage Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2014-11-006/"^^anyURI
kb-reference-title dp "CAR-2014-11-003: Debuggers for Accessibility Applications"

Reference - CAR-2014-11-005: Remote Registry - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RemoteRegistry_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Administrative Network Activity Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2014-11-005/"^^anyURI
kb-reference-title dp "CAR-2014-11-005: Remote Registry"

Reference - CAR-2014-11-006: Windows Remote Management (WinRM) - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-WindowsRemoteManagement_WinRM_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Administrative Network Activity Analysis
has-link dp ""^^anyURI
kb-reference-title dp "CAR-2014-11-006: Windows Remote Management (WinRM)"

Reference - CAR-2014-11-007: Remote Windows Management Instrumentation (WMI) over RPC - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2014-11-007-RemoteWindowsManagementInstrumentation_WMI_OverRPC_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op RPC Traffic Analysis
has-link dp ""^^anyURI
kb-reference-title dp "CAR-2014-11-007: Remote Windows Management Instrumentation (WMI) over RPC"

Reference - CAR-2014-11-008: Command Launched from WinLogon - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CommandLaunchedFromWinLogon_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Lineage Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2014-11-008/"^^anyURI
kb-reference-title dp "CAR-2014-11-008: Command Launched from WinLogon"

Reference - CAR-2014-12-001: Remotely Launched Executables via WMI - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RemotelyLaunchedExecutablesViaWMI_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Lineage Analysis
kb-reference-of op RPC Traffic Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2014-12-001/"^^anyURI
kb-reference-title dp "CAR-2014-12-001: Remotely Launched Executables via WMI"

Reference - CAR-2015-04-001: Remotely Scheduled Tasks via AT - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2015-04-001%3ARemotelyScheduledTasksViaAT_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op IPC Traffic Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2015-04-001/"^^anyURI
kb-reference-title dp "CAR-2015-04-001: Remotely Scheduled Tasks via AT"

Reference - CAR-2015-04-002: Remotely Scheduled Tasks via Schtasks - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RemotelyScheduledTasksViaSchtasks_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op RPC Traffic Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2015-04-002/"^^anyURI
kb-reference-title dp "CAR-2015-04-002: Remotely Scheduled Tasks via Schtasks"

Reference - CAR-2015-07-001: All Logins Since Last Boot - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AllLoginsSinceLastBoot_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Credential Compromise Scope Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2015-07-001/"^^anyURI
kb-reference-title dp "CAR-2015-07-001: All Logins Since Last Boot"

Reference - CAR-2016-03-001: Host Discovery Commands - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-HostDiscoveryCommands_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2016-03-001/"^^anyURI
kb-reference-title dp "CAR-2016-03-001: Host Discovery Commands"

Reference - CAR-2016-03-002: Create Remote Process via WMIC - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CreateRemoteProcessViaWMIC_MITRE_Other

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
kb-reference-of op RPC Traffic Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2016-03-002/"^^anyURI
kb-reference-title dp "CAR-2016-03-002: Create Remote Process via WMIC"

Reference - CAR-2016-04-002: User Activity from Clearing Event Logs - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UserActivityFromClearingEventLogs_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op System File Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2016-04-002/"^^anyURI
kb-reference-title dp "CAR-2016-04-002: User Activity from Clearing Event Logs"

Reference - CAR-2016-04-003: User Activity from Stopping Windows Defensive Services - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UserActivityFromStoppingWindowsDefensiveServices_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op System Daemon Monitoring
has-link dp "https://car.mitre.org/analytics/CAR-2016-04-003/"^^anyURI
kb-reference-title dp "CAR-2016-04-003: User Activity from Stopping Windows Defensive Services"

Reference - CAR-2016-04-004: Successful Local Account Login ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2016-04-004_SuccessfulLocalAccountLogin

belongs to
External Knowledge Base c
has facts
kb-reference-of op Local Account Monitoring
has-link dp "https://car.mitre.org/analytics/CAR-2016-04-004/"^^anyURI
kb-reference-title dp "Reference - CAR-2016-04-004: Successful Local Account Login"

Reference - CAR-2016-04-005: Remote Desktop Logon - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RemoteDesktopLogon_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Remote Terminal Session Detection
has-link dp "https://car.mitre.org/analytics/CAR-2016-04-005/"^^anyURI
kb-reference-title dp "CAR-2016-04-005: Remote Desktop Logon"

Reference - CAR-2019-04-001: UAC Bypass - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UACBypass_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Lineage Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2019-04-001/"^^anyURI
kb-reference-title dp "CAR-2019-04-001: UAC Bypass"

Reference - CAR-2019-04-002: Generic Regsvr32 - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-GenericRegsvr32_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Lineage Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2019-04-002/"^^anyURI
kb-reference-title dp "CAR-2019-04-002: Generic Regsvr32"

Reference - CAR-2019-04-003: Squiblydoo - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Squiblydoo_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2019-04-003/"^^anyURI
kb-reference-title dp "CAR-2019-04-003: Squiblydoo"

Reference - CAR-2019-04-004: Credential Dumping via Mimikatz - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CredentialDumpingViaMimikatz_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2019-04-004/"^^anyURI
kb-reference-title dp "CAR-2019-04-004: Credential Dumping via Mimikatz"

Reference - CAR-2019-07-001: Access Permission Modification - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AccessPermissionModification_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op System File Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2019-07-001/"^^anyURI
kb-reference-title dp "CAR-2019-07-001: Access Permission Modification"

Reference - CAR-2019-07-002: Lsass Process Dump via Procdump - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-LsassProcessDumpViaProcdump_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2019-07-002/"^^anyURI
kb-reference-title dp "CAR-2019-07-002: Lsass Process Dump via Procdump"

Reference - CAR-2019-08-001: Credential Dumping via Windows Task Manager - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CredentialDumpingViaWindowsTaskManager_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op System Call Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2019-08-001/"^^anyURI
kb-reference-title dp "CAR-2019-08-001: Credential Dumping via Windows Task Manager"

Reference - CAR-2019-08-002: Active Directory Dumping via NTDSUtil - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ActiveDirectoryDumpingViaNTDSUtil_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2019-08-002/"^^anyURI
kb-reference-title dp "CAR-2019-08-002: Active Directory Dumping via NTDSUtil"

Reference - CAR-2020-04-001: Shadow Copy Deletion - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-04-001%3AShadowCopyDeletion_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-04-001/"^^anyURI
kb-reference-title dp "CAR-2020-04-001: Shadow Copy Deletion"

Reference - CAR-2020-05-001: MiniDump of LSASS - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-05-001%3AMiniDumpOfLSASS_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op System Call Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-05-001/"^^anyURI
kb-reference-title dp "CAR-2020-05-001: MiniDump of LSASS"

Reference - CAR-2020-05-003: Rare LolBAS Command Lines - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-05-003%3ARareLolBASCommandLines_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-05-003/"^^anyURI
kb-reference-title dp "CAR-2020-05-003: Rare LolBAS Command Lines"

Reference - CAR-2020-08-001: NTFS Alternate Data Stream Execution - System Utilities - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-08-001%3ANTFSAlternateDataStreamExecution-SystemUtilities_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-08-001/"^^anyURI
kb-reference-title dp "CAR-2020-08-001: NTFS Alternate Data Stream Execution - System Utilities"

Reference - CAR-2020-09-001: Scheduled Task - FileAccess - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-09-001%3AScheduledTask-FileAccess_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op File Creation Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-09-001/"^^anyURI
kb-reference-title dp "CAR-2020-09-001: Scheduled Task - FileAccess"

Reference - CAR-2020-09-002: Component Object Model Hijacking - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-09-002%3AComponentObjectModelHijacking_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op User Session Init Config Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-09-002/"^^anyURI
kb-reference-title dp "CAR-2020-09-002: Component Object Model Hijacking"

Reference - CAR-2020-09-003: Indicator Blocking - Driver Unloaded - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-09-003%3AIndicatorBlocking-DriverUnloaded_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-09-003/"^^anyURI
kb-reference-title dp "CAR-2020-09-003: Indicator Blocking - Driver Unloaded"

Reference - CAR-2020-09-004: Credentials in Files & Registry - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-09-004%3ACredentialsInFiles%26Registry_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-09-004/"^^anyURI
kb-reference-title dp "CAR-2020-09-004: Credentials in Files & Registry"

Reference - CAR-2020-09-005: AppInit DLLs - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-09-005%3AAppInitDLLs_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op System Init Config Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-09-005/"^^anyURI
kb-reference-title dp "CAR-2020-09-005: AppInit DLLs"

Reference - CAR-2020-11-001: Boot or Logon Initialization Scripts - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-001%3ABootOrLogonInitializationScripts_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op System Init Config Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-11-001/"^^anyURI
kb-reference-title dp "CAR-2020-11-001: Boot or Logon Initialization Scripts"

Reference - CAR-2020-11-002: Local Network Sniffing - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-002%3ALocalNetworkSniffing_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Lineage Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-11-002/"^^anyURI
kb-reference-title dp "CAR-2020-11-002: Local Network Sniffing"

Reference - CAR-2020-11-003: DLL Injection with Mavinject - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-003%3ADLLInjectionWithMavinject_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-11-003/"^^anyURI
kb-reference-title dp "CAR-2020-11-003: DLL Injection with Mavinject"

Reference - CAR-2020-11-004: Processes Started From Irregular Parent - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-004%3AProcessesStartedFromIrregularParent_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Lineage Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-11-004/"^^anyURI
kb-reference-title dp "CAR-2020-11-004: Processes Started From Irregular Parent"

Reference - CAR-2020-11-005: Clear Powershell Console Command History - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-005%3AClearPowershellConsoleCommandHistory_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-11-005/"^^anyURI
kb-reference-title dp "CAR-2020-11-005: Clear Powershell Console Command History"

Reference - CAR-2020-11-006: Local Permission Group Discovery - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-006%3ALocalPermissionGroupDiscovery_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-11-006/"^^anyURI
kb-reference-title dp "CAR-2020-11-006: Local Permission Group Discovery"

Reference - CAR-2020-11-007: Network Share Connection Removal - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-007%3ANetworkShareConnectionRemoval_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-11-007/"^^anyURI
kb-reference-title dp "CAR-2020-11-007: Network Share Connection Removal"

Reference - CAR-2020-11-008: MSBuild and msxsl - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-008%3AMSBuildAndMsxsl_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-11-008/"^^anyURI
kb-reference-title dp "CAR-2020-11-008: MSBuild and msxsl"

Reference - CAR-2020-11-009: Compiled HTML Access - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-009%3ACompiledHTMLAccess_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-11-009/"^^anyURI
kb-reference-title dp "CAR-2020-11-009: Compiled HTML Access"

Reference - CAR-2020-11-010: CMSTP - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-010%3ACMSTP_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-11-010/"^^anyURI
kb-reference-title dp "CAR-2020-11-010: CMSTP"

Reference - CAR-2020-11-011: Registry Edit from Screensaver ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-011%3ARegistryEditFromScreensaver

belongs to
External Knowledge Base c
has facts
kb-reference-of op User Session Init Config Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2020-11-011/"^^anyURI
kb-reference-title dp "CAR-2020-11-011: Registry Edit from Screensaver"

Reference - CAR-2021-01-002: Unusually Long Command Line Strings - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-01-002%3AUnusuallyLongCommandLineStrings_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-01-002/"^^anyURI
kb-reference-title dp "CAR-2021-01-002: Unusually Long Command Line Strings"

Reference - CAR-2021-01-003: Clearing Windows Logs with Wevtutil - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-01-003%3AClearingWindowsLogsWithWevtutil_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-01-003/"^^anyURI
kb-reference-title dp "CAR-2021-01-003: Clearing Windows Logs with Wevtutil"

Reference - CAR-2021-01-004: Unusual Child Process for Spoolsv.Exe or Connhost.Exe - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-01-004%3AUnusualChildProcessForSpoolsv.ExeOrConnhost.Exe_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-01-004/"^^anyURI
kb-reference-title dp "CAR-2021-01-004: Unusual Child Process for Spoolsv.Exe or Connhost.Exe"

Reference - CAR-2021-01-006: Unusual Child Process spawned using DDE exploit - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-01-006%3AUnusualChildProcessSpawnedUsingDDEExploit_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-01-006/"^^anyURI
kb-reference-title dp "CAR-2021-01-006: Unusual Child Process spawned using DDE exploit"

Reference - CAR-2021-01-007: Detecting Tampering of Windows Defender Command Prompt - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-01-007%3ADetectingTamperingOfWindowsDefenderCommandPrompt_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-01-007/"^^anyURI
kb-reference-title dp "CAR-2021-01-007: Detecting Tampering of Windows Defender Command Prompt"

Reference - CAR-2021-01-008: Disable UAC - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-01-008%3ADisableUAC_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-01-008/"^^anyURI
kb-reference-title dp "CAR-2021-01-008: Disable UAC"

Reference - CAR-2021-01-009: Detecting Shadow Copy Deletion via Vssadmin.exe - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-01-009%3ADetectingShadowCopyDeletionViaVssadmin.exe_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-01-009/"^^anyURI
kb-reference-title dp "CAR-2021-01-009: Detecting Shadow Copy Deletion via Vssadmin.exe"

Reference - CAR-2021-02-001: Webshell-Indicative Process Tree - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-02-001%3AWebshell-IndicativeProcessTree_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-02-001/"^^anyURI
kb-reference-title dp "CAR-2021-02-001: Webshell-Indicative Process Tree"

Reference - CAR-2021-02-002: Get System Elevation - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-02-002%3AGetSystemElevation_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Lineage Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-02-002/"^^anyURI
kb-reference-title dp "CAR-2021-02-002: Get System Elevation"

Reference - CAR-2021-04-001: Common Windows Process Masquerading - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-04-001%3ACommonWindowsProcessMasquerading_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-04-001/"^^anyURI
kb-reference-title dp "CAR-2021-04-001: Common Windows Process Masquerading"

Reference - CAR-2021-05-001: Attempt To Add Certificate To Untrusted Store - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-001%3AAttemptToAddCertificateToUntrustedStore_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-05-001/"^^anyURI
kb-reference-title dp "CAR-2021-05-001: Attempt To Add Certificate To Untrusted Store"

Reference - CAR-2021-05-002: Batch File Write to System32 - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-002%3ABatchFileWriteToSystem32_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-05-002/"^^anyURI
kb-reference-title dp "CAR-2021-05-002: Batch File Write to System32"

Reference - CAR-2021-05-003: BCDEdit Failure Recovery Modification - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-003%3ABCDEditFailureRecoveryModification_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-05-003/"^^anyURI
kb-reference-title dp "CAR-2021-05-003: BCDEdit Failure Recovery Modification"

Reference - CAR-2021-05-004: BITS Job Persistence - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-004%3ABITSJobPersistence_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-05-004/"^^anyURI
kb-reference-title dp "CAR-2021-05-004: BITS Job Persistence"

Reference - CAR-2021-05-005: BITSAdmin Download File - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-005%3ABITSAdminDownloadFile_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-05-005/"^^anyURI
kb-reference-title dp "CAR-2021-05-005: BITSAdmin Download File"

Reference - CAR-2021-05-006: CertUtil Download With URLCache and Split Arguments - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-006%3ACertUtilDownloadWithURLCacheAndSplitArguments_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-05-006/"^^anyURI
kb-reference-title dp "CAR-2021-05-006: CertUtil Download With URLCache and Split Arguments"

Reference - CAR-2021-05-007: CertUtil Download With VerifyCtl and Split Arguments - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-007%3ACertUtilDownloadWithVerifyCtlAndSplitArguments_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-05-007/"^^anyURI
kb-reference-title dp "CAR-2021-05-007: CertUtil Download With VerifyCtl and Split Arguments"

Reference - CAR-2021-05-008: Certutil exe certificate extraction - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-008%3ACertutilExeCertificateExtraction_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-05-008/"^^anyURI
kb-reference-title dp "CAR-2021-05-008: Certutil exe certificate extraction"

Reference - CAR-2021-05-009: CertUtil With Decode Argument - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-009%3ACertUtilWithDecodeArgument_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-05-009/"^^anyURI
kb-reference-title dp "CAR-2021-05-009: CertUtil With Decode Argument"

Reference - CAR-2021-05-010: Create local admin accounts using net exe - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-010%3ACreateLocalAdminAccountsUsingNetExe_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op Process Spawn Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-05-010/"^^anyURI
kb-reference-title dp "CAR-2021-05-010: Create local admin accounts using net exe"

Reference - CAR-2021-05-011: Create Remote Thread into LSASS - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-011%3ACreateRemoteThreadIntoLSASS_MITRE

belongs to
External Knowledge Base c
has facts
kb-reference-of op System Call Analysis
has-link dp "https://car.mitre.org/analytics/CAR-2021-05-011/"^^anyURI
kb-reference-title dp "CAR-2021-05-011: Create Remote Thread into LSASS"

Reference - Catia UAF Plugin ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CatiaUAFPlugin

belongs to
Internet Article Reference c
has facts
kb-reference-of op Data Exchange Mapping
kb-reference-of op Operational Activity Mapping
kb-reference-of op Operational Dependency Mapping
kb-reference-of op Organization Mapping
kb-reference-of op Service Dependency Mapping
kb-reference-of op System Dependency Mapping
has-link dp "https://www.3ds.com/products-services/catia/products/no-magic/addons/uaf-plugin/"^^anyURI
kb-reference-title dp "Catia UAF Plugin"

Reference - Certificate and Public Key Pinning ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CertificateAndPublicKeyPinning

belongs to
Technique Reference c
has facts
kb-reference-of op Certificate Pinning
has-link dp "https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning"^^anyURI
kb-reference-title dp "Certificate and Public Key Pinning"

Reference - Certificate Transparency ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CertificateTransparency

belongs to
Technique Reference c
has facts
kb-reference-of op Passive Certificate Analysis
has-link dp "https://www.certificate-transparency.org/"^^anyURI
kb-reference-title dp "Certificate Transparency"

Reference - Cisco ASR 9000 Series Aggregation Services Routers - Access List Commands ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CiscoASR9000AccessListCommands

belongs to
User Manual Reference c
has facts
kb-reference-of op Network Traffic Policy Mapping
has-link dp "https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-0/addr_serv/command/reference/ir40asrbook_chapter1.html"^^anyURI
kb-reference-title dp "Cisco ASR 9000 Series Aggregation Services Routers - Access List Commands"

Reference - Computational modeling and classification of data streams - Crowdstrike Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ComputationalModelingAndClassificationOfDataStreams_CrowdstrikeInc

belongs to
Patent Reference c
has facts
kb-reference-of op File Content Rules
has-link dp "https://patents.google.com/patent/US20180197089A1/en?oq=US-2018197089-A1"^^anyURI
kb-reference-title dp "Computational modeling and classification of data streams"

Reference - Computer motherboard having peripheral security functions ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ComputerMotherboardHavingPeripheralSecurityFunctions

belongs to
Patent Reference c
has facts
kb-reference-of op IO Port Restriction
has-link dp "https://patents.google.com/patent/US8869308B2/en"^^anyURI
kb-reference-title dp "Computer motherboard having peripheral security functions"

Reference - Computer Worm Defense System and Method - FireEye Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ComputerWormDefenseSystemAndMethod_FireEyeInc

belongs to
Patent Reference c
has facts
kb-reference-of op File Carving
has-link dp "https://patents.google.com/patent/US20130036472A1"^^anyURI
kb-reference-title dp "Computer Worm Defense System and Method"

Reference - Computer-implemented methods and systems for identifying visually similar text character strings - Greathorn Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Computer-implementedMethodsAndSystemsForIdentifyingVisuallySimilarTextCharacterStrings_GreathornInc

belongs to
Patent Reference c
has facts
kb-reference-of op Homoglyph Detection
has-link dp "https://patents.google.com/patent/US10320815B2/en?oq=US-10320815-B2"^^anyURI
kb-reference-title dp "Computer-implemented methods and systems for identifying visually similar text character strings"

Reference - Computing apparatus with automatic integrity reference generation and maintenance - Tripwire, Inc. ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ComputingApparatusWithAutomaticIntegrityReferenceGenerationAndMaintenance_Tripwire,Inc.

belongs to
Patent Reference c
has facts
kb-reference-of op Executable Allowlisting
has-link dp "https://patents.google.com/patent/US20040060046A1"^^anyURI
kb-reference-title dp "Computing apparatus with automatic integrity reference generation and maintenance"

Reference - Configure User Access Control and Permissions ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ConfigureUserAccessControlAndPermissions

belongs to
Internet Article Reference c
has facts
kb-reference-of op User Account Permissions
has-link dp "https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/configure/user-access-control"^^anyURI
kb-reference-title dp "Configure User Access Control and Permissions"

Reference - Content extractor and analysis system - Bit 9 Inc, Carbon Black Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ContentExtractorAndAnalysisSystem_Bit9Inc,CarbonBlackInc

belongs to
Patent Reference c
has facts
kb-reference-of op Executable Denylisting
has-link dp "https://patents.google.com/patent/US20070028110A1"^^anyURI
kb-reference-title dp "Content extractor and analysis system"

Reference - Continuous authentication by analysis of keyboard typing characteristics - Bradford Univ., UK ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ContinuousAuthenticationByAnalysisOfKeyboardTypingCharacteristics_BradfordUniv.,UK

belongs to
Academic Paper Reference c
has facts
kb-reference-of op Input Device Analysis
has-link dp "https://ieeexplore.ieee.org/document/491588?reload=true&arnumber=491588"^^anyURI
kb-reference-title dp "Continuous authentication by analysis of keyboard typing characteristics"

Reference - Cyber Command System (CYCS) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CyberCommandSystemCYCS

belongs to
Internet Article Reference c
has facts
kb-reference-of op Operational Dependency Mapping
has-link dp "https://www.mitre.org/research/technology-transfer/technology-licensing/cyber-command-system-cycs"^^anyURI
kb-reference-title dp "Cyber Command System (CYCS)"

Reference - Dagger Fact Sheet ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DaggerFactSheet

belongs to
Internet Article Reference c
has facts
kb-reference-of op Operational Dependency Mapping
has-link dp "https://www.jhuapl.edu/dagger/documents/DaggerFactSheet.pdf"^^anyURI
kb-reference-title dp "Dagger Fact Sheet"

Reference - Dagger: Modeling and visualization for mission impact situational awareness ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DaggerModelingAndVisualizationForMissionImpactSituationalAwareness

belongs to
Academic Paper Reference c
has facts
kb-reference-of op Operational Dependency Mapping
has-link dp "https://ieeexplore.ieee.org/document/7795296"^^anyURI
kb-reference-title dp "Dagger: Modeling and visualization for mission impact situational awareness"

Reference - Data processing and scanning systems for generating and populating a data inventory ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DataProcessingAndScanningSystemsForGeneratingAndPopulatingADataInventory

belongs to
Patent Reference c
has facts
kb-reference-of op Data Inventory
has-link dp "https://patents.google.com/patent/US11240273B2/"^^anyURI
kb-reference-title dp "Data processing and scanning systems for generating and populating a data inventory"

Reference - Database for receiving, storing and compiling information about email messages ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Database_for_receiving_storing_and_compiling_information_about_email_messages

belongs to
Patent Reference c
has facts
kb-reference-of op Domain Name Reputation Analysis
kb-reference-of op IP Reputation Analysis
has-link dp "https://patents.google.com/patent/US20050091319A1/"^^anyURI
kb-reference-title dp "Database for receiving, storing and compiling information about email messages"

Reference - Dead code elimination ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DeadCodeElimination

belongs to
Academic Paper Reference c
has facts
kb-reference-of op Dead Code Elimination
has-link dp "https://nebelwelt.net/files/15LangSec.pdf"^^anyURI
kb-reference-title dp "The Correctness-Security Gap in Compiler Optimization"

Reference - Deception-Based Responses to Security Attacks - Crowdstrike Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Deception-BasedResponsesToSecurityAttacks_CrowdstrikeInc

belongs to
Patent Reference c
has facts
kb-reference-of op Decoy Network Resource
has-link dp "https://patents.google.com/patent/US20140250524A1/en?oq=US-2014250524-A1"^^anyURI
kb-reference-title dp "Deception-Based Responses to Security Attacks"

Reference - Decoy and deceptive data object technology - Cymmetria Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DecoyAndDeceptiveDataObjectTechnology_CymmetriaInc

belongs to
Patent Reference c
has facts
kb-reference-of op Decoy Session Token
kb-reference-of op Decoy User Credential
has-link dp "https://patents.google.com/patent/US20170134423A1"^^anyURI
kb-reference-title dp "Decoy and deceptive data object technology"

Reference - Decoy and deceptive data object technology - Cymmetria, Inc. ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DecoyAndDeceptiveDataObjectTechnology_Cymmetria,Inc.

belongs to
Patent Reference c
has facts
kb-reference-of op Decoy Persona
has-link dp "https://patents.google.com/patent/US20170134423A1"^^anyURI
kb-reference-title dp "Decoy and deceptive data object technology"

Reference - Decoy Network-Based Service for Deceiving Attackers - Amazon Technologies ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DecoyNetwork-BasedServiceForDeceivingAttackers-AmazonTechnologies

belongs to
Patent Reference c
has facts
kb-reference-of op Decoy User Credential
has-link dp "https://patents.google.com/patent/US10873601B1"^^anyURI
kb-reference-title dp "Decoy network-based service for deceiving attackers"

Reference - Decoy Personas for Safeguarding Online Identity Using Deception - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DecoyPersonasForSafeguardingOnlineIdentityUsingDeception_

belongs to
Internet Article Reference c
has facts
kb-reference-of op Decoy Persona
has-link dp "https://web.archive.org/web/20180407204216/https://isc.sans.edu/diary/Decoy+Personas+for+Safeguarding+Online+Identity+Using+Deception/16159"^^anyURI
kb-reference-title dp "Decoy Personas for Safeguarding Online Identity Using Deception"

Reference - Detecting DDoS Attack Using Snort ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DetectingDDoSAttackUsingSnort

belongs to
Academic Paper Reference c
has facts
kb-reference-of op Inbound Session Volume Analysis
has-link dp "https://www.researchgate.net/publication/338660054_DETECTING_DDoS_ATTACK_USING_Snort"^^anyURI
kb-reference-title dp "DETECTING DDoS ATTACK USING Snort"

Reference - Detecting network reconnaissance by tracking intranet dark-net communications - VECTRA NETWORKS Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DetectingNetworkReconnaissanceByTrackingIntranetDark-netCommunications_VECTRANETWORKSInc

belongs to
Patent Reference c
has facts
kb-reference-of op Connection Attempt Analysis
has-link dp "https://patents.google.com/patent/US20150264078A1"^^anyURI
kb-reference-title dp "Detecting network reconnaissance by tracking intranet dark-net communications"

Reference - Detecting script-based malware - Crowdstrike Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DetectingScript-basedMalware_CrowdstrikeInc

belongs to
Patent Reference c
has facts
kb-reference-of op File Content Rules
kb-reference-of op Script Execution Analysis
has-link dp "https://patents.google.com/patent/US20190188384A1"^^anyURI
kb-reference-title dp "Detecting script-based malware"

Reference - Detection of Malicious IDNHomoglyph Domains ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DetectionOfMaliciousIDNHomoglyphDomains

belongs to
Internet Article Reference c
has facts
kb-reference-of op Homoglyph Denylisting
has-link dp "http://essay.utwente.nl/79263/1/Yazdani_MA_EEMCS.pdf"^^anyURI
kb-reference-title dp "Detection of Malicious IDN Homoglyph Domains Using Active DNS Measurements"

Reference - Deterministic method for detecting and blocking of exploits on interpreted code - K2 Cyber Security Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DeterministicMethodForDetectingAndBlockingOfExploitsOnInterpretedCode_K2CyberSecurityInc

belongs to
Patent Reference c
has facts
kb-reference-of op System Call Analysis
has-link dp "https://patents.google.com/patent/US20190180036A1/en?oq=US-2019180036-A1"^^anyURI
kb-reference-title dp "Deterministic method for detecting and blocking of exploits on interpreted code"

Reference - Digital Identity Guidelines 800-63-3 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DigitalIdentityGuidelines800-63-3

belongs to
Guideline Reference c
has facts
kb-reference-of op Strong Password Policy
has-link dp "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf"^^anyURI
kb-reference-title dp "Digital Identity Guidelines"

Reference - Distributed meta-information query in a network - Bit 9 Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DistributedMeta-informationQueryInANetwork_Bit9Inc

belongs to
Patent Reference c
has facts
kb-reference-of op File Content Rules
has-link dp "https://patents.google.com/patent/US20070028302A1/en?oq=US-2007028302-A1"^^anyURI
kb-reference-title dp "Distributed meta-information query in a network"

Reference - DNS Whitelist (DNSWL) Email Authentication Method Extension ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DNSWhitelist-DNSWL-EmailAuthenticationMethodExtension

belongs to
Specification Reference c
has facts
kb-reference-of op DNS Allowlisting
has-link dp "https://datatracker.ietf.org/doc/html/rfc8904"^^anyURI
kb-reference-title dp "DNS Whitelist (DNSWL) Email Authentication Method Extension"

Reference - Domain age registration alert - Inc Rapid7 Inc RAPID7 Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DomainAgeRegistrationAlert_IncRapid7IncRAPID7Inc

belongs to
Patent Reference c
has facts
kb-reference-of op DNS Traffic Analysis
has-link dp "https://patents.google.com/patent/US20170026400A1/"^^anyURI
kb-reference-title dp "Domain age registration alert"

Reference - Dynamic selection and generation of a virtual clone for detonation of suspicious content within a honey network - Palo Alto Networks Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DynamicSelectionAndGenerationOfAVirtualCloneForDetonationOfSuspiciousContentWithinAHoneyNetwork_PaloAltoNetworksInc

belongs to
Patent Reference c
has facts
kb-reference-of op Decoy Network Resource
kb-reference-of op Standalone Honeynet
has-link dp "https://patents.google.com/patent/US9882929B1/en?oq=US-9882929-B1"^^anyURI
kb-reference-title dp "Dynamic selection and generation of a virtual clone for detonation of suspicious content within a honey network"

Reference - Embedding contexts for on-line threats into response policy zones - Verisign Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-EmbeddingContextsForOn-lineThreatsIntoResponsePolicyZones-VerisignInc

belongs to
Patent Reference c
has facts
kb-reference-of op Hierarchical Domain Denylisting
has-link dp "https://patents.google.com/patent/US10440059B1"^^anyURI
kb-reference-title dp "Embedding contexts for on-line threats into response policy zones"

Reference - End-to-end certificate pinning ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-End-to-endCertificatePinning

belongs to
Patent Reference c
has facts
kb-reference-of op Certificate Pinning
has-link dp "https://patents.google.com/patent/US9847992B2/en?q=certificate+pinning&oq=certificate+pinning"^^anyURI
kb-reference-title dp "End-to-end Certificate Pinning"

Reference - Enhancing Network Security By Preventing User-Initiated Malware Execution - MITRE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-EnhancingNetworkSecurityByPreventingUser-InitiatedMalwareExecution_

belongs to
Academic Paper Reference c
has facts
kb-reference-of op Executable Allowlisting
has-link dp "https://ieeexplore.ieee.org/document/1425209"^^anyURI
kb-reference-title dp "Enhancing Network Security By Preventing User-Initiated Malware Execution"

Reference - File and Folder Permissions ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FileAndFolderPermissions

belongs to
User Manual Reference c
has facts
kb-reference-of op Local File Permissions
has-link dp "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727008(v=technet.10)?redirectedfrom=MSDN"^^anyURI
kb-reference-title dp "File and Folder Permissions"

Reference - File-modifying malware detection - Crowdstrike Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-File-modifyingMalwareDetection_CrowdstrikeInc

belongs to
Patent Reference c
has facts
kb-reference-of op File Access Pattern Analysis
has-link dp "https://patents.google.com/patent/US20180121650A1/en?oq=US-2018121650-A1"^^anyURI
kb-reference-title dp "File-modifying malware detection"

Reference - Finding phishing sites ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Finding_phishing_sites

belongs to
Patent Reference c
has facts
kb-reference-of op Domain Name Reputation Analysis
kb-reference-of op IP Reputation Analysis
kb-reference-of op URL Reputation Analysis
has-link dp "https://patents.google.com/patent/US8839418B2/"^^anyURI
kb-reference-title dp "Finding phishing sites"

Reference - Firewall for interent access - Secure Computing LLC ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirewallForInterentAccess_SecureComputingLLC

belongs to
Patent Reference c
has facts
kb-reference-of op Inbound Traffic Filtering
has-link dp "https://patents.google.com/patent/GB2317539A"^^anyURI
kb-reference-title dp "Firewall for interent access"

Reference - Firewall for processing a connectionless network packet - National Security Agency ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirewallForProcessingAConnectionlessNetworkPacket_NationalSecurityAgency

belongs to
Patent Reference c
has facts
kb-reference-of op Inbound Traffic Filtering
has-link dp "https://patents.google.com/patent/US7073196B1"^^anyURI
kb-reference-title dp "Firewall for processing a connectionless network packet"

Reference - Firewall for processing connection-oriented and connectionless datagrams over a connection-oriented network - National Security Agency ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirewallForProcessingConnection-orientedAndConnectionlessDatagramsOverAConnection-orientedNetwork_NationalSecurityAgency

belongs to
Patent Reference c
has facts
kb-reference-of op Inbound Traffic Filtering
has-link dp "https://patents.google.com/patent/US6615358B1"^^anyURI
kb-reference-title dp "Firewall for processing connection-oriented and connectionless datagrams over a connection-oriented network"

Reference - Firewalls that filter based upon protocol commands - Intel Corp ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirewallsThatFilterBasedUponProtocolCommands_IntelCorp

belongs to
Patent Reference c
has facts
kb-reference-of op Inbound Traffic Filtering
has-link dp "https://patents.google.com/patent/US6832256B1"^^anyURI
kb-reference-title dp "Firewalls that filter based upon protocol commands"

Reference - Firmware Behavior Analysis ConFirm ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirmwareBehaviorAnalysisConFirm

belongs to
Academic Paper Reference c
has facts
kb-reference-of op Firmware Behavior Analysis
has-link dp "http://sites.nyuad.nyu.edu/moma/pdfs/pubs/C22.pdf"^^anyURI
kb-reference-title dp "ConFirm: Detecting Firmware Modifications in Embedded Systems using Hardware Performance Counters"

Reference - Firmware Behavior Analysis VIPER ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirmwareBehaviorAnalysisVIPER

belongs to
Academic Paper Reference c
has facts
kb-reference-of op Firmware Behavior Analysis
has-link dp "https://dl.acm.org/doi/pdf/10.1145/2046707.2046711"^^anyURI
kb-reference-title dp "VIPER: Verifying the Integrity of PERipherals' Firmware"

Reference - Firmware Embedded Monitoring Code Red Balloon ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirmwareEmbeddedMonitoringCodeRedBalloon

belongs to
Patent Reference c
has facts
kb-reference-of op Firmware Embedded Monitoring Code
has-link dp "https://patents.google.com/patent/US10657262B1/en"^^anyURI
kb-reference-title dp "Method and apparatus for securing embedded device firmware"

Reference - Firmware Embedded Monitoring Code Symbiotes ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirmwareEmbeddedMonitoringCodeSymbiotes

belongs to
Academic Paper Reference c
has facts
kb-reference-of op Firmware Embedded Monitoring Code
has-link dp "http://nsl.cs.columbia.edu/projects/minestrone/papers/Symbiotes.pdf"^^anyURI
kb-reference-title dp "Defending Embedded Systems with Software Symbiotes"

Reference - Firmware Verification Eclypsium ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirmwareVerificationEclypsium

belongs to
Patent Reference c
has facts
kb-reference-of op Firmware Verification
has-link dp "https://patents.google.com/patent/US20200074086A1/en"^^anyURI
kb-reference-title dp "Methods and systems for hardware and firmware security monitoring"

Reference - Firmware Verification Trapezoid ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirmwareVerificationTrapezoid

belongs to
Patent Reference c
has facts
kb-reference-of op Firmware Verification
has-link dp "https://patents.google.com/patent/US9674183B2/en"^^anyURI
kb-reference-title dp "System and method for hardware-based trust control management"

Reference - Framework for notifying a directory service of authentication events processed outside the directory service - Oracle International Corp ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FrameworkForNotifyingADirectoryServiceOfAuthenticationEventsProcessedOutsideTheDirectoryService_OracleInternationalCorp

belongs to
Patent Reference c
has facts
kb-reference-of op Account Locking
has-link dp "https://patents.google.com/patent/US20090077645A1"^^anyURI
kb-reference-title dp "Framework for notifying a directory service of authentication events processed outside the directory service"

Reference - FWTK - Firewall Toolkit ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FWTK-FirewallToolkit_

belongs to
Internet Article Reference c
has facts
has-link dp "https://blogs.gartner.com/john_pescatore/2008/10/02/this-week-in-network-security-history-the-firewall-toolkit/"^^anyURI
kb-reference-title dp "FWTK - Firewall Toolkit"

Reference - FWTK Documentation - fwtk.org ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FWTKDocumentation-Fwtk.org

belongs to
Technique Reference c
has facts
kb-reference-of op Inbound Traffic Filtering
has-link dp "https://web.archive.org/web/20070510153306/http://www.fwtk.org/fwtk/docs/documentation.html#1.1"^^anyURI
kb-reference-title dp "FWTK Documentation"

Reference - Guards for application in software tamperproofing - Purdue Research Foundation ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-GuardsForApplicationInSoftwareTamperproofing_PurdueResearchFoundation

belongs to
Patent Reference c
has facts
kb-reference-of op Process Code Segment Verification
has-link dp "https://patents.google.com/patent/US7287166B1/en?oq=US-7287166-B1"^^anyURI
kb-reference-title dp "Guards for application in software tamperproofing"

Reference - Hardware-assisted system and method for detecting and analyzing system calls made to an operting system kernel - Endgame Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Hardware-assistedSystemAndMethodForDetectingAndAnalyzingSystemCallsMadeToAnOpertingSystemKernel_EndgameInc

belongs to
Patent Reference c
has facts
kb-reference-of op System Call Analysis
has-link dp "https://patents.google.com/patent/US20180032728A1/en?oq=US20180032728-A1"^^anyURI
kb-reference-title dp "Hardware-assisted system and method for detecting and analyzing system calls made to an operting system kernel"

Reference - Heuristic botnet detection - Palo Alto Networks Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-HeuristicBotnetDetection_PaloAltoNetworksInc

belongs to
Patent Reference c
has facts
kb-reference-of op DNS Traffic Analysis
has-link dp "https://patents.google.com/patent/US20160156644A1"^^anyURI
kb-reference-title dp "Heuristic botnet detection"

Reference - Host intrusion prevention system using software and user behavior analysis - Sophos Ltd ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-HostIntrusionPreventionSystemUsingSoftwareAndUserBehaviorAnalysis_SophosLtd

belongs to
Patent Reference c
has facts
kb-reference-of op Resource Access Pattern Analysis
kb-reference-of op System Daemon Monitoring
kb-reference-of op Web Session Activity Analysis
has-link dp "https://patents.google.com/patent/US20110023115A1"^^anyURI
kb-reference-title dp "Host intrusion prevention system using software and user behavior analysis"

Reference - How ASLR protects Linux systems from buffer overflow attacks - Network World ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-HowASLRProtectsLinuxSystemsFromBufferOverflowAttacks_NetworkWorld

belongs to
Internet Article Reference c
has facts
kb-reference-of op Segment Address Offset Randomization
has-link dp "https://www.networkworld.com/article/3331199/what-does-aslr-do-for-linux.html"^^anyURI
kb-reference-title dp "How ASLR protects Linux systems from buffer overflow attacks"

Reference - How Does Antivirus Quarantine Work? - Safety Detectives ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-HowDoesAntivirusQuarantineWork-SafetyDetectives

belongs to
Internet Article Reference c
has facts
kb-reference-of op File Removal
has-link dp "https://www.safetydetectives.com/blog/how-does-antivirus-quarantine-work/"^^anyURI
kb-reference-title dp "How Does Antivirus Quarantine Work?"

Reference - How to change registry values or permissions from a command line or a script ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-HowToChangeRegistryValuesOrPermissionsFromACommandLineOrAScript

belongs to
Internet Article Reference c
has facts
has-link dp "https://docs.microsoft.com/en-us/troubleshoot/windows-client/application-management/change-registry-values-permissions"^^anyURI
kb-reference-title dp "How to change registry values or permissions from a command line or a script"

Reference - How trust relationships work for resource forests in Azure Active Directory Domain Services ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-HowTrustRelationshipsWorkForResourceForestsInAzureActiveDirectoryDomainServices

belongs to
Internet Article Reference c
has facts
kb-reference-of op Domain Trust Policy
has-link dp "https://docs.microsoft.com/en-us/azure/active-directory-domain-services/concepts-forest-trust"^^anyURI
kb-reference-title dp "How trust relationships work for resource forests in Azure Active Directory Domain Services"

Reference - http://www.biometric-solutions.com/keystroke-dynamics.html - biometric-solutions.com ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-www.biometric-solutions.com_keystroke-dynamics

belongs to
Internet Article Reference c
has facts
kb-reference-of op Input Device Analysis
has-link dp "http://www.biometric-solutions.com/keystroke-dynamics.html"^^anyURI
kb-reference-title dp "Keystroke Dynamics"

Reference - Identification and extraction of key forensics indicators of compromise using subject-specific filesystem views ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IdentificationAndExtractionOfKeyForensicsIndicatorsOfCompromiseUsingSubject-specificFilesystemViews

belongs to
Patent Reference c
has facts
has-link dp "https://patents.google.com/patent/US20200004962A1/en"^^anyURI
kb-reference-title dp "Identification and extraction of key forensics indicators of compromise using subject-specific filesystem views"

Reference - Identification of traceroute nodes and associated devices ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IdentificationOfTracerouteNodesAndAssociatedDevices

belongs to
Patent Reference c
has facts
has-link dp "https://patents.google.com/patent/US10079749B2/en"^^anyURI
kb-reference-title dp "Identification of traceroute nodes and associated devices"

Reference - Identification of visual international domain name collisions - Verisign Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IdentificationOfVisualInternationalDomainNameCollisions-VerisignInc

belongs to
Patent Reference c
has facts
kb-reference-of op Homoglyph Detection
has-link dp "https://patents.google.com/patent/US10599836B2/en"^^anyURI
kb-reference-title dp "Identification of visual international domain name collisions"

Reference - Identifying a denial-of-service attack in a cloud-based proxy service - Cloudfare Inc. ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IdentifyingADenial-of-serviceAttackInACloud-basedProxyService-CloudfareInc.

belongs to
Patent Reference c
has facts
kb-reference-of op Inbound Session Volume Analysis
has-link dp "https://patents.google.com/patent/US8613089B1"^^anyURI
kb-reference-title dp "Identifying a denial-of-service attack in a cloud-based proxy service"

Reference - IEEE Standard for Local and Metropolitan Area Networks - Station and Media Access Control Connectivity Discovery ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IEEE-802_1AB-2016

belongs to
Specification Reference c
has facts
kb-reference-of op Hardware Component Inventory
has-link dp "https://standards.ieee.org/ieee/802.1AB/6047/"^^anyURI
kb-reference-title dp "IEEE Standard for Local and Metropolitan Area Networks - Station and Media Access Control Connectivity Discovery"

Reference - Indirect Branching Calls ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IndirectBranchingCalls

belongs to
Academic Paper Reference c
has facts
kb-reference-of op Indirect Branch Call Analysis
has-link dp "https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.1048.1241&rep=rep1&type=pdf"^^anyURI
kb-reference-title dp "Transparent ROP Exploit Mitigation using Indirect Branch Tracing"

Reference - Inferential exploit attempt detection - Crowdstrike Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-InferentialExploitAttemptDetection_CrowdstrikeInc

belongs to
Patent Reference c
has facts
kb-reference-of op Memory Boundary Tracking
has-link dp "https://patents.google.com/patent/US10216934B2/en?oq=US-10216934-B2"^^anyURI
kb-reference-title dp "Inferential exploit attempt detection"

Reference - Instant process termination tool to recover control of an information handling system - Dell Products LP ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-InstantProcessTerminationToolToRecoverControlOfAnInformationHandlingSystem_DellProductsLP

belongs to
Patent Reference c
has facts
kb-reference-of op Process Termination
has-link dp "https://patents.google.com/patent/US20060236108A1/en"^^anyURI
kb-reference-title dp "Instant process termination tool to recover control of an information handling system"

Reference - Integrity assurance through early loading in the boot phase - Crowdstrike Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IntegrityAssuranceThroughEarlyLoadingInTheBootPhase_CrowdstrikeInc

belongs to
Patent Reference c
has facts
kb-reference-of op Driver Load Integrity Checking
has-link dp "https://patents.google.com/patent/US20170061127A1"^^anyURI
kb-reference-title dp "Integrity assurance through early loading in the boot phase"

Reference - Intrusion detection using a heartbeat - Sophos Ltd ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IntrusionDetectionUsingAHeartbeat_SophosLtd

belongs to
Patent Reference c
has facts
kb-reference-of op Endpoint Health Beacon
has-link dp "https://patents.google.com/patent/US20180191752A1"^^anyURI
kb-reference-title dp "Intrusion detection using a heartbeat"

Reference - Isolation of applications within a virtual machine - Bromium, Inc. ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IsolationOfApplicationsWithinAVirtualMachine_Bromium,Inc.

belongs to
Patent Reference c
has facts
kb-reference-of op Hardware-based Process Isolation
has-link dp "https://patents.google.com/patent/US9921860B1"^^anyURI
kb-reference-title dp "Isolation of applications within a virtual machine"

Reference - Libre NMS - Network Map Extension ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-LibreNMSDocsNetworkMapExtension

belongs to
User Manual Reference c
has facts
kb-reference-of op Network Mapping
has-link dp "https://docs.librenms.org/Extensions/Network-Map/"^^anyURI
kb-reference-title dp "Libre NMS - Network Map Extension"

Reference - Libre NMS - Oxidized Extension ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-LibreNMSDocsOxidizedExtension

belongs to
User Manual Reference c
has facts
kb-reference-of op Disk Encryption
has-link dp "https://docs.librenms.org/Extensions/Oxidized/"^^anyURI
kb-reference-title dp "LibreNMSDocs - Oxidized Extension"

Reference - LUKS1 On-Disk Format SpecificationVersion 1.2.3 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-LUKS1On-DiskFormatSpecificationVersion1.2.3

belongs to
Specification Reference c
has facts
kb-reference-of op Disk Encryption
has-link dp "https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf"^^anyURI
kb-reference-title dp "LUKS1 On-Disk Format SpecificationVersion 1.2.3"

Reference - Malicious relay detection on networks - VECTRA NETWORKS Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MaliciousRelayDetectionOnNetworks_VECTRANETWORKSInc

belongs to
Patent Reference c
has facts
kb-reference-of op Relay Pattern Analysis
has-link dp "https://patents.google.com/patent/US20150264083A1"^^anyURI
kb-reference-title dp "Malicious relay detection on networks"

Reference - Malware analysis system - Palo Alto Networks Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MalwareAnalysisSystem_PaloAltoNetworksInc

belongs to
Patent Reference c
has facts
kb-reference-of op Dynamic Analysis
has-link dp "https://patents.google.com/patent/US20150319136A1"^^anyURI
kb-reference-title dp "Malware analysis system"

Reference - Malware detection in event loops - Crowdstrike Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MalwareDetectionInEventLoops_CrowdstrikeInc

belongs to
Patent Reference c
has facts
kb-reference-of op System Call Analysis
has-link dp "https://patents.google.com/patent/US20190205530A1"^^anyURI
kb-reference-title dp "Malware detection in event loops"

Reference - Malware detection using local computational models - Crowdstrike Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MalwareDetectionUsingLocalComputationalModels_CrowdstrikeInc

belongs to
Patent Reference c
has facts
kb-reference-of op Process Termination
has-link dp "https://patents.google.com/patent/US20190026466A1"^^anyURI
kb-reference-title dp "Malware detection using local computational models"

Reference - Method and Apparatus for Detecting Malicious Websites - Endgame Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndApparatusForDetectingMaliciousWebsites_EndgameInc

belongs to
Patent Reference c
has facts
kb-reference-of op URL Analysis
has-link dp "https://patents.google.com/patent/US20140331319A1"^^anyURI
kb-reference-title dp "Method and Apparatus for Detecting Malicious Websites"

Reference - Method and apparatus for increasing the speed at which computer viruses are detected - McAfee LLC ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndApparatusForIncreasingTheSpeedAtWhichComputerVirusesAreDetected_McAfeeLLC

belongs to
Patent Reference c
has facts
kb-reference-of op Executable Denylisting
has-link dp "https://patents.google.com/patent/US5502815A"^^anyURI
kb-reference-title dp "Method and apparatus for increasing the speed at which computer viruses are detected"

Reference - Method and Apparatus for Network Fraud Detection and Remediation Through Analytics - Idaptive LLC ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndApparatusForNetworkFraudDetectionAndRemediationThroughAnalytics_IdaptiveLLC

belongs to
Patent Reference c
has facts
kb-reference-of op Authentication Event Thresholding
kb-reference-of op Authorization Event Thresholding
kb-reference-of op Resource Access Pattern Analysis
kb-reference-of op Session Duration Analysis
kb-reference-of op User Geolocation Logon Pattern Analysis
has-link dp "https://patents.google.com/patent/US20190081968A1/en"^^anyURI
kb-reference-title dp "Method and Apparatus for Network Fraud Detection and Remediation Through Analytics"

Reference - Method and apparatus for utilizing a token for resource access - Rsa Security Inc. ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndApparatusForUtilizingATokenForResourceAccess_RsaSecurityInc.

belongs to
Patent Reference c
has facts
kb-reference-of op Multi-factor Authentication
has-link dp "https://patents.google.com/patent/US5657388A/en"^^anyURI
kb-reference-title dp "Method and apparatus for utilizing a token for resource access"

Reference - Method and system for controlling communication ports ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForControllingCommunicationPorts

belongs to
Patent Reference c
has facts
kb-reference-of op IO Port Restriction
has-link dp "https://patents.google.com/patent/US8566924"^^anyURI
kb-reference-title dp "Method and system for controlling communication ports"

Reference - Method and system for detecting algorithm-generated domains - VECTRA NETWORKS Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForDetectingAlgorithm-generatedDomains_VECTRANETWORKSInc

belongs to
Patent Reference c
has facts
kb-reference-of op DNS Traffic Analysis
has-link dp "https://patents.google.com/patent/US20150264070A1"^^anyURI
kb-reference-title dp "Method and system for detecting algorithm-generated domains"

Reference - Method and system for detecting external control of compromised hosts - VECTRA NETWORKS Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForDetectingExternalControlOfCompromisedHosts_VECTRANETWORKSInc

belongs to
Patent Reference c
has facts
kb-reference-of op Remote Terminal Session Detection
has-link dp "https://patents.google.com/patent/US9407647B2/en?oq=US-9407647-B2"^^anyURI
kb-reference-title dp "Method and system for detecting external control of compromised hosts"

Reference - Method and system for detecting malicious payloads - Vectra Networks Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForDetectingMaliciousPayloads_VectraNetworksInc

belongs to
Patent Reference c
has facts
kb-reference-of op Client-server Payload Profiling
has-link dp "https://patents.google.com/patent/EP3293937A1/en?oq=EP-3293937-A1"^^anyURI
kb-reference-title dp "Method and system for detecting malicious payloads"

Reference - Method and system for detecting restricted content associated with retrieved content - Sophos Ltd ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForDetectingRestrictedContentAssociatedWithRetrievedContent_SophosLtd

belongs to
Patent Reference c
has facts
kb-reference-of op URL Analysis
has-link dp "https://patents.google.com/patent/US20160359883A1"^^anyURI
kb-reference-title dp "Method and system for detecting restricted content associated with retrieved content"

Reference - Method and system for detecting suspicious administrative activity - Vectra Networks Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForDetectingSuspiciousAdministrativeActivity_VectraNetworksInc

belongs to
Patent Reference c
has facts
kb-reference-of op Administrative Network Activity Analysis
has-link dp "https://patents.google.com/patent/US20180077186A1"^^anyURI
kb-reference-title dp "Method and system for detecting suspicious administrative activity"

Reference - Method and system for detecting threats using metadata vectors - VECTRA NETWORKS Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForDetectingThreatsUsingMetadataVectors_VECTRANETWORKSInc

belongs to
Patent Reference c
has facts
kb-reference-of op Protocol Metadata Anomaly Detection
has-link dp "https://patents.google.com/patent/US20160191551A1"^^anyURI
kb-reference-title dp "Method and system for detecting threats using metadata vectors"

Reference - Method and system for detecting threats using passive cluster mapping - Vectra Networks Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForDetectingThreatsUsingPassiveClusterMapping_VectraNetworksInc

belongs to
Patent Reference c
has facts
kb-reference-of op Protocol Metadata Anomaly Detection
has-link dp "https://patents.google.com/patent/US20160149936A1"^^anyURI
kb-reference-title dp "Method and system for detecting threats using passive cluster mapping"

Reference - Method and system for providing software updates to local machines ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForProvidingSoftwareUpdatesToLocalMachines

belongs to
Patent Reference c
has facts
has-link dp "https://patents.google.com/patent/US10474448B2/en"^^anyURI
kb-reference-title dp "Method and system for providing software updates to local machines"

Reference - Method and system for UDP flood attack detection - Riorey LLC ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForUDPFloodAttackDetection-RioreyLLC

belongs to
Patent Reference c
has facts
kb-reference-of op Inbound Session Volume Analysis
has-link dp "https://patents.google.com/patent/US8307430B1"^^anyURI
kb-reference-title dp "Method and system for UDP flood attack detection"

Reference - Method for controlling computer network security - Checkpoint Software Technologies Ltd ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodForControllingComputerNetworkSecurity_CheckpointSoftwareTechnologiesLtd

belongs to
Patent Reference c
has facts
kb-reference-of op Inbound Traffic Filtering
has-link dp "https://patents.google.com/patent/EP0658837B1/"^^anyURI
kb-reference-title dp "Method for controlling computer network security"

Reference - Method for file encryption ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodForFileEncryption

belongs to
Patent Reference c
has facts
kb-reference-of op File Encryption
has-link dp "https://patents.google.com/patent/US9521123B2/en"^^anyURI
kb-reference-title dp "Method for file encryption"

Reference - Method using kernel mode assistance for the detection and removal of threats which are actively preventing detection and removal from a running system - Symantec Corporation ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodUsingKernelModeAssistanceForTheDetectionAndRemovalOfThreatsWhichAreActivelyPreventingDetectionAndRemovalFromARunningSystem_SymantecCorporation

belongs to
Patent Reference c
has facts
kb-reference-of op System Daemon Monitoring
has-link dp "https://patents.google.com/patent/US8239947B1"^^anyURI
kb-reference-title dp "Method using kernel mode assistance for the detection and removal of threats which are actively preventing detection and removal from a running system"

Reference - MGT516: Managing Security Vulnerabilities: Enterprise and Cloud ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MGT516ManagingSecurityVulnerabilitiesEnterpriseAndCloud

belongs to
Internet Article Reference c
has facts
kb-reference-of op Operational Risk Assessment
has-link dp "https://www.sans.org/cyber-security-courses/managing-enterprise-cloud-security-vulnerabilities/"^^anyURI
kb-reference-title dp "MGT516: Managing Security Vulnerabilities: Enterprise and Cloud"

Reference - Mission Dependency Modeling for Cyber Situational Awareness ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MissionDependencyModelingForCyberSituationalAwareness

belongs to
Academic Paper Reference c
has facts
kb-reference-of op Operational Dependency Mapping
has-link dp "https://csis.gmu.edu/noel/pubs/2016_NATO_IST_148.pdf"^^anyURI
kb-reference-title dp "Mission Dependency Modeling for Cyber Situational Awareness"

Reference - Mitigate threats by using Windows 10 security features: Data Execution Prevention - Microsoft ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DataExecutionPrevention_Microsoft

belongs to
User Manual Reference c
has facts
kb-reference-of op Process Segment Execution Prevention
has-link dp "https://docs.microsoft.com/en-us/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10#data-execution-prevention"^^anyURI
kb-reference-title dp "Mitigate threats by using Windows 10 security features: Data Execution Prevention"

Reference - Mock attack cybersecurity training system and methods - WOMBAT SECURITY TECHNOLOGIES Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MockAttackCybersecurityTrainingSystemAndMethods_WOMBATSECURITYTECHNOLOGIESInc

belongs to
Patent Reference c
has facts
kb-reference-of op Decoy Public Release
has-link dp "https://patents.google.com/patent/US9558677B2/"^^anyURI
kb-reference-title dp "Mock attack cybersecurity training system and methods"

Reference - Modeling user access to computer resources - Daedalus Group LLC (formerly IBM) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ModelingUserAccessToComputerResources_DaedalusGroupLLC

belongs to
Patent Reference c
has facts
kb-reference-of op Resource Access Pattern Analysis
has-link dp "https://patents.google.com/patent/US8214364B2"^^anyURI
kb-reference-title dp "Modeling user access to computer resources"

Reference - Modification of a Server to Mimic a Deception Mechanism - Acalvio Technologies Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ModificationOfAServerToMimicADeceptionMechanism_AcalvioTechnologiesInc

belongs to
Patent Reference c
has facts
kb-reference-of op Connected Honeynet
has-link dp "https://patents.google.com/patent/US20170149825A1"^^anyURI
kb-reference-title dp "Modification of a Server to Mimic a Deception Mechanism"

Reference - Munin ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Munin

belongs to
Source Code Reference c
has facts
has-link dp "https://github.com/Neo23x0/munin"^^anyURI
kb-reference-title dp "Online Hash Checker for Virustotal and Other Services"

Reference - Network firewall with proxy - Secure Computing LLC ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-NetworkFirewallWithProxy_SecureComputingLLC

belongs to
Patent Reference c
has facts
kb-reference-of op Inbound Traffic Filtering
has-link dp "https://patents.google.com/patent/GB2318031A"^^anyURI
kb-reference-title dp "Network firewall with proxy"

Reference - Network-Based Buffer Overflow Detection by Exploit Code Analysis - Information Security Research Centre ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Network-BasedBufferOverflowDetectionByExploitCodeAnalysis_InformationSecurityResearchCentre

belongs to
Academic Paper Reference c
has facts
kb-reference-of op Byte Sequence Emulation
has-link dp "https://eprints.qut.edu.au/21172/1/21172.pdf"^^anyURI
kb-reference-title dp "Network-Based Buffer Overflow Detection by Exploit Code Analysis"

Reference - Network-level polymorphic shellcode detection using emulation ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Network-levelPolymorphicShellcodeDetectionUsingEmulation

belongs to
Academic Paper Reference c
has facts
kb-reference-of op Byte Sequence Emulation
has-link dp "https://www.cs.unc.edu/~fabian/course_papers/polymorphic-detect.pdf"^^anyURI
kb-reference-title dp "Network-level polymorphic shellcode detection using emulation"

Reference - NIST RMF Quick Start Guide - Assess Step - Frequently Asked Questions (FAQ) ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-NIST-RMF-Quick-Start-Guide-Assess-Step-FAQ

belongs to
Internet Article Reference c
has facts
kb-reference-of op Operational Risk Assessment
has-link dp "https://csrc.nist.gov/CSRC/media/Projects/risk-management/documents/05-Assess%20Step/NIST%20RMF%20Assess%20Step-FAQs.pdf"^^anyURI
kb-reference-title dp "NIST RMF Quick Start Guide - Assess Step - Frequently Asked Questions (FAQ)"

Reference - NIST Special Publication 800-160 Volume 1 - System Security Engineering ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-NIST-Special-Publication-800-160-Volume-1

belongs to
Guideline Reference c
has facts
kb-reference-of op Operational Risk Assessment
has-link dp "https://doi.org/10.6028/NIST.SP.800-160v1"^^anyURI
kb-reference-title dp "NIST Special Publication 800-160 Volume 1 - Systems Security Engineering"

Reference - NIST Special Publication 800-37 Revision 2 - Risk Management Framework for Information Systems and Organizations ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-NIST-Special-Publication-800-37-Revision-2

belongs to
Guideline Reference c
has facts
kb-reference-of op Operational Risk Assessment
has-link dp "https://doi.org/10.6028/NIST.SP.800-37r2"^^anyURI
kb-reference-title dp "NIST Special Publication 800-37 Revision 2 - Risk Management Framework for Information Systems and Organizations"

Reference - NIST Special Publication 800-53A Revision 5 - Assessing Security and Privacy Controls in Information Systems and Organizations ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-NIST-Special-Publication-800-53A-Revision-5

belongs to
Guideline Reference c
has facts
kb-reference-of op Operational Risk Assessment
has-link dp "https://doi.org/10.6028/NIST.SP.800-53Ar5"^^anyURI
kb-reference-title dp "NIST Special Publication 800-53A Revision 5 - Assessing Security and Privacy Controls in Information Systems and Organizations"

Reference - NISTIR 8011 Volume 1 - Automation Support for Security Control Assessments ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-NISTIR-8011-Volume-1

belongs to
Guideline Reference c
has facts
kb-reference-of op Operational Risk Assessment
has-link dp "https://doi.org/10.6028/NIST.IR.8011-1"^^anyURI
kb-reference-title dp "NIST Interagency Report 8011 Volume 1 - Automation Support for Security Control Assessments"

Reference - Open source intelligence deceptions - Illusive Networks Ltd ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-OpenSourceIntelligenceDeceptions_IllusiveNetworksLtd

belongs to
Patent Reference c
has facts
kb-reference-of op Decoy File
has-link dp "https://patents.google.com/patent/US10333976B1/en?assignee=Illusive+Networks+Ltd&oq=Illusive+Networks+Ltd+"^^anyURI
kb-reference-title dp "Open source intelligence deceptions"

Reference - Organizational Management in SAP ERP HCM ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-OrganizationalManagementInSAPERPHCM

belongs to
Book Reference c
has facts
kb-reference-of op Organization Mapping
has-link dp "https://www.sap-press.com/organizational-management-in-sap-erp-hcm_3996/"^^anyURI
kb-reference-title dp "Organization Mapping in SAP ERP HCM"

Reference - OS Query Windows User Collection Code ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-OSQueryWindowsUserCollectionCode

belongs to
Source Code Reference c
has facts
has-link dp "https://github.com/osquery/osquery/blob/d2be385d71f401c85872f00d479df8f499164c5a/osquery/tables/system/windows/users.cpp"^^anyURI
kb-reference-title dp "OS Query Windows User Collection Code"

Reference - Overview of the seccomp sandbox ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-OverviewOfTheSeccompSandbox

belongs to
Internet Article Reference c
has facts
kb-reference-of op System Call Filtering
has-link dp "https://code.google.com/archive/p/seccompsandbox/wikis/overview.wiki"^^anyURI
kb-reference-title dp "Overview of the seccomp sandbox"

Reference - Platform Firmware Resiliency Guidelines - NIST ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PlatformFirmwareResiliencyGuidelines_NIST

belongs to
Guideline Reference c
has facts
kb-reference-of op Firmware Verification
has-link dp "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-193.pdf"^^anyURI
kb-reference-title dp "Platform Firmware Resiliency Guidelines"

Reference - Pointer Authentication on ARMv8.3 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PointerAuthenticationOnARMv8.3

belongs to
Specification Reference c
has facts
kb-reference-of op Pointer Authentication
has-link dp "https://www.qualcomm.com/media/documents/files/whitepaper-pointer-authentication-on-armv8-3.pdf"^^anyURI
kb-reference-title dp "Pointer Authentication on ARMv8.3"

Reference - Pointer Authentication Project Zero ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PointerAuthenticationProjectZero

belongs to
Internet Article Reference c
has facts
kb-reference-of op Pointer Authentication
has-link dp "https://googleprojectzero.blogspot.com/2019/02/examining-pointer-authentication-on.html"^^anyURI
kb-reference-title dp "Examining Pointer Authentication on the iPhone XS"

Reference - Post sandbox methods and systems for detecting and blocking zero-day exploits via api call validation - K2 Cyber Security Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PostSandboxMethodsAndSystemsForDetectingAndBlockingZero-dayExploitsViaApiCallValidation_K2CyberSecurityInc

belongs to
Patent Reference c
has facts
kb-reference-of op System Call Analysis
has-link dp "https://patents.google.com/patent/US20190138715A1/"^^anyURI
kb-reference-title dp "Post sandbox methods and systems for detecting and blocking zero-day exploits via api call validation"

Reference - Predicting Domain Generation Algorithms with Long Short-Term Memory Networks ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PredictingDomainGenerationAlgorithmsWithLongShort-TermMemoryNetworks_

belongs to
Academic Paper Reference c
has facts
kb-reference-of op DNS Traffic Analysis
has-link dp "https://arxiv.org/abs/1611.007911"^^anyURI
kb-reference-title dp "Predicting Domain Generation Algorithms with Long Short-Term Memory Networks"

Reference - Preventing execution of task scheduled malware - McAfee LLC ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PreventingExecutionOfTaskScheduledMalware_McAfeeLLC

belongs to
Patent Reference c
has facts
kb-reference-of op Scheduled Job Analysis
has-link dp "https://patents.google.com/patent/US20160105450A1"^^anyURI
kb-reference-title dp "Preventing execution of task scheduled malware"

Reference - Privacy and security systems and methods of use ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PrivacyAndSecuritySystemsAndMethodsOfUse

belongs to
Patent Reference c
has facts
has-link dp "https://patents.google.com/patent/US10128890B2/en"^^anyURI
kb-reference-title dp "Privacy and security systems and methods of use"

Reference - Private virtual local area network isolation - Cisco Technology Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PrivateVirtualLocalAreaNetworkIsolation_CiscoTechnologyInc

belongs to
Patent Reference c
has facts
kb-reference-of op Broadcast Domain Isolation
has-link dp "https://patents.google.com/patent/US20120331142A1"^^anyURI
kb-reference-title dp "Private virtual local area network isolation"

Reference - Protected computing environment - Microsoft Technology Licensing LLC ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ProtectedComputingEnvironment_MicrosoftTechnologyLicensingLLC

belongs to
Patent Reference c
has facts
kb-reference-of op Driver Load Integrity Checking
has-link dp "https://patents.google.com/patent/US20060242406A1"^^anyURI
kb-reference-title dp "Protected computing environment"

Reference - Protecting against distributed denial of service attacks - Cisco Technology Inc. ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ProtectingAgainstDistributedDenialOfServiceAttacks-CiscoTechnologyInc.

belongs to
Patent Reference c
has facts
kb-reference-of op Inbound Session Volume Analysis
has-link dp "https://patents.google.com/patent/US7171683B2"^^anyURI
kb-reference-title dp "Protecting against distributed denial of service attacks"

Reference - Protecting against distributed network flood attacks - Juniper Networks Inc. ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ProtectingAgainstDistributedNetworkFloodAttacks-JuniperNetworksInc.

belongs to
Patent Reference c
has facts
kb-reference-of op Inbound Session Volume Analysis
has-link dp "https://patents.google.com/patent/US8789173B2"^^anyURI
kb-reference-title dp "Protecting against distributed network flood attacks"

Reference - PsSuspend - Microsoft ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PsSuspend

belongs to
Specification Reference c
has facts
kb-reference-of op Process Suspension
has-link dp "https://learn.microsoft.com/en-us/sysinternals/downloads/pssuspend"^^anyURI
kb-reference-title dp "PsSuspend"

Reference - Qualys Network Passive Sensor Getting Started Guide ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-QualysNetworkPassiveSensorGettingStartedGuide

belongs to
User Manual Reference c
has facts
kb-reference-of op Hardware Component Inventory
kb-reference-of op Network Node Inventory
has-link dp "https://www.qualys.com/passive-scanning-sensor/"^^anyURI
kb-reference-title dp "Qualys Network Passive Sensor Getting Started Guide"

Reference - Red Hat Enterprise Linux 8 Security Technical Implementation Guide ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RedHatEnterpriseLinux8SecurityTechnicalImplementationGuide

belongs to
Guideline Reference c
has facts
kb-reference-of op Application Configuration Hardening
has-link dp "https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/"^^anyURI
kb-reference-title dp "Red Hat Enterprise Linux 8 Security Technical Implementation Guide"

Reference - Registry Key Security and Access Rights ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RegistryKeySecurityAndAccessRights

belongs to
User Manual Reference c
has facts
kb-reference-of op User Session Init Config Analysis
has-link dp "https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-key-security-and-access-rights"^^anyURI
kb-reference-title dp "Registry Key Security and Access Rights"

Reference - Reputation of an entity associated with a content item ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Reputation_of_an_entity_associated_with_a_content_item

belongs to
Patent Reference c
has facts
kb-reference-of op File Hash Reputation Analysis
has-link dp "https://patents.google.com/patent/US20060253584A1"^^anyURI
kb-reference-title dp "Reputation of an entity associated with a content item"

Reference - Reverse DNS Blocking - Barracuda Networks ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ReverseDNSBlocking_BarracudaNetworks

belongs to
User Manual Reference c
has facts
kb-reference-of op Reverse Resolution Domain Denylisting
has-link dp "https://campus.barracuda.com/product/emailsecuritygateway/doc/39819732/reverse-dns-blocking/"^^anyURI
kb-reference-title dp "Reverse DNS Blocking"

Reference - Revoke a previously issued verifiable credential - Microsoft ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RevokingaPreviouslyIssuedVerifiableCredential-Microsoft

belongs to
Specification Reference c
has facts
kb-reference-of op Credential Revoking
has-link dp "https://learn.microsoft.com/en-us/azure/active-directory/verifiable-credentials/how-to-issuer-revoke"^^anyURI
kb-reference-title dp "Revoke a previously issued verifiable credential"

Reference - RFC 2289 - A One-Time Password System ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RFC2289-AOne-TimePasswordSystem

belongs to
Specification Reference c
has facts
kb-reference-of op One-time Password
has-link dp "https://tools.ietf.org/html/rfc2289"^^anyURI
kb-reference-title dp "A One-Time Password System"

Reference - RFC 6376: DomainKeys Identified Mail (DKIM) Signatures - IETF ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DomainKeysIdentifiedMail-Signatures-IETF

belongs to
Specification Reference c
has facts
kb-reference-of op Transfer Agent Authentication
has-link dp "https://tools.ietf.org/html/rfc6376"^^anyURI
kb-reference-title dp "RFC 6376: DomainKeys Identified Mail (DKIM) Signatures"

Reference - RFC 7208: Sender Policy Framework (SPF) for Authorizing Use of Domains in Email - IETF ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RFC7208-SenderPolicyFramework-SPF-ForAuthorizingUseOfDomainsInEmail-IETF

belongs to
Specification Reference c
has facts
kb-reference-of op Transfer Agent Authentication
has-link dp "https://tools.ietf.org/html/rfc7208"^^anyURI
kb-reference-title dp "RFC 7208: Sender Policy Framework (SPF) for Authorizing Use of Domains in Email"

Reference - RFC 7489: Domain-based Message Authentication, Reporting, and Conformance (DMARC) - IETF ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RFC7489-Domain-basedMessageAuthentication-Reporting-AndConformance-DMARC

belongs to
Specification Reference c
has facts
kb-reference-of op Transfer Agent Authentication
has-link dp "https://tools.ietf.org/html/rfc7489"^^anyURI
kb-reference-title dp "RFC 7489: Domain-based Message Authentication, Reporting, and Conformance (DMARC)"

Reference - RFC 7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RFC7642SystemForCrossDomainIdentityManagementDefinitionsOverviewConceptsAndRequirements

belongs to
Specification Reference c
has facts
kb-reference-of op Access Modeling
has-link dp "https://datatracker.ietf.org/doc/html/rfc7642"^^anyURI
kb-reference-title dp "RFC7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements"

Reference - RPC call interception - Crowdstrike Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RPCCallInterception_CrowdstrikeInc

belongs to
Patent Reference c
has facts
kb-reference-of op RPC Traffic Analysis
has-link dp "https://patents.google.com/patent/US20150163109"^^anyURI
kb-reference-title dp "RPC call interception"

Reference - Secure caching of server credentials - Dell Products LP ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SecureCachingOfServerCredentials_DellProductsLP

belongs to
Patent Reference c
has facts
kb-reference-of op Authentication Cache Invalidation
has-link dp "https://patents.google.com/patent/US20100107241A1"^^anyURI
kb-reference-title dp "Secure caching of server credentials"

Reference - Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SecureMultipurposeInternetMailExtensionsMIME-Version3.1

belongs to
Specification Reference c
has facts
has-link dp "https://tools.ietf.org/html/rfc3851"^^anyURI
kb-reference-title dp "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification"

Reference - Securing Web Transactions ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SecuringWebTransactions

belongs to
Guideline Reference c
has facts
kb-reference-of op Active Certificate Analysis
has-link dp "https://www.nccoe.nist.gov/sites/default/files/library/sp1800/tls-serv-cert-mgt-nist-sp1800-16b-final.pdf"^^anyURI
kb-reference-title dp "Securing Web Transactions"

Reference - Securing Web Transactions TLS Server Certificate Management - Appendix A Passive Inspection ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Securing_Web_Transactions__TLS_Server_Certificate_Management_Appendix_A_Passive_Inspection

belongs to
Guideline Reference c
has facts
kb-reference-of op Passive Certificate Analysis
has-link dp "https://www.nccoe.nist.gov/publication/1800-16/VolD/vol-d-appendix.html"^^anyURI
kb-reference-title dp "Securing Web Transactions TLS Server Certificate Management - Appendix A Passive Inspection"

Reference - Security Architecture for the Internet Protocol ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SecurityArchitectureForTheInternetProtocol

belongs to
Specification Reference c
has facts
kb-reference-of op Encrypted Tunnels
has-link dp "https://datatracker.ietf.org/doc/html/rfc1825"^^anyURI
kb-reference-title dp "Security Architecture for the Internet Protocol"

Reference - Security System with Methodology for Interprocess Communication Control - Check Point Software Tech Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SecuritySystemWithMethodologyForInterprocessCommunicationControl_CheckPointSoftwareTechInc

belongs to
Patent Reference c
has facts
kb-reference-of op IPC Traffic Analysis
has-link dp "https://patents.google.com/patent/US20040199763"^^anyURI
kb-reference-title dp "Security System with Methodology for Interprocess Communication Control"

Reference - Security Technologies: Stack Smashing Protection (StackGuard) - Red Hat ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-StackSmashingProtection_StackGuard_RedHat

belongs to
Internet Article Reference c
has facts
kb-reference-of op Stack Frame Canary Validation
has-link dp "https://access.redhat.com/blogs/766093/posts/3548631"^^anyURI
kb-reference-title dp "Security Technologies: Stack Smashing Protection (StackGuard)"

Reference - Security vulnerability information aggregation ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SecurityVulnerabilityInformationAggregation

belongs to
Patent Reference c
has facts
kb-reference-of op Asset Vulnerability Enumeration
has-link dp "https://patents.google.com/patent/US8544098B2"^^anyURI
kb-reference-title dp "Security vulnerability information aggregation"

Reference - Sinkholing bad network domains by registering the bad network domains on the internet - Palo Alto Networks Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SinkholingBadNetworkDomainsByRegisteringTheBadNetworkDomainsOnTheInternet_PaloAltoNetworksInc

belongs to
Patent Reference c
has facts
kb-reference-of op DNS Traffic Analysis
has-link dp "https://patents.google.com/patent/US20160381065A1"^^anyURI
kb-reference-title dp "Sinkholing bad network domains by registering the bad network domains on the internet"

Reference - SNMP - Network Auto-Discovery ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SNMPNetworkAutoDiscovery

belongs to
User Manual Reference c
has facts
kb-reference-of op Active Logical Link Mapping
has-link dp "https://docs.device42.com/auto-discovery/network-auto-discovery/"^^anyURI
kb-reference-title dp "SNMP - Network Auto Discovery"

Reference - Software vulnerability graph database ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SoftwareVulnerabilityGraphDatabase

belongs to
Patent Reference c
has facts
kb-reference-of op Asset Vulnerability Enumeration
kb-reference-of op System Dependency Mapping
kb-reference-of op System Vulnerability Assessment
has-link dp "https://patents.google.com/patent/WO2020028535A1"^^anyURI
kb-reference-title dp "Software vulnerability graph database"

Reference - StreamingPhish ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-StreamingPhish

belongs to
Technique Reference c
has facts
kb-reference-of op Passive Certificate Analysis
has-link dp "https://github.com/wesleyraptor/streamingphish"^^anyURI
kb-reference-title dp "StreamingPhish"

Reference - Supply chain cyber-deception - Cymmetria, Inc. ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SupplyChainCyber-deception_Cymmetria,Inc.

belongs to
Patent Reference c
has facts
kb-reference-of op Decoy File
has-link dp "https://patents.google.com/patent/WO2017187379A1"^^anyURI
kb-reference-title dp "Supply chain cyber-deception"

Reference - Synchronizing a honey network configuration to reflect a target network environment - Palo Alto Networks Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SynchronizingAHoneyNetworkConfigurationToReflectATargetNetworkEnvironment_PaloAltoNetworksInc

belongs to
Patent Reference c
has facts
kb-reference-of op Integrated Honeynet
has-link dp "https://patents.google.com/patent/US20170019425A1"^^anyURI
kb-reference-title dp "Synchronizing a honey network configuration to reflect a target network environment"

Reference - System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints - Fidelis Cybersecurity Solutions Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndAMethodForIdentifyingThePresenceOfMalwareAndRansomwareUsingMini-trapsSetAtNetworkEndpoints_FidelisCybersecuritySolutionsInc

belongs to
Patent Reference c
has facts
kb-reference-of op Decoy File
has-link dp "https://patents.google.com/patent/US9807115B2/en?oq=US-9807115-B2"^^anyURI
kb-reference-title dp "System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints"

Reference - System and method for detecting homoglyph attacks with a siamese convolutional neural network - Endgame Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForDetectingHomoglyphAttacksWithASiameseConvolutionalNeuralNetwork_EndgameInc

belongs to
Patent Reference c
has facts
kb-reference-of op Homoglyph Detection
has-link dp "https://patents.google.com/patent/US20190019058A1/"^^anyURI
kb-reference-title dp "System and method for detecting homoglyph attacks with a siamese convolutional neural network"

Reference - System and method for detecting malware injected into memory of a computing device - Endgame Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForDetectingMalwareInjectedIntoMemoryOfAComputingDevice_EndgameInc

belongs to
Patent Reference c
has facts
kb-reference-of op Process Code Segment Verification
has-link dp "https://patents.google.com/patent/US20190018958A1/en?oq=US20190018958-A1"^^anyURI
kb-reference-title dp "System and method for detecting malware injected into memory of a computing device"

Reference - System and Method for Detection of a Change in Behavior in the Use of a Website Through Vector Velocity Analysis - Silver Tail Systems ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForDetectionOfAChangeInBehaviorInTheUseOfAWebsiteThroughVectorVelocityAnalysis_SilverTailSystems

belongs to
Patent Reference c
has facts
kb-reference-of op Web Session Activity Analysis
has-link dp "https://patents.google.com/patent/US20100235909A1/en?oq=US+20100235909+A1"^^anyURI
kb-reference-title dp "System and Method for Detection of a Change in Behavior in the Use of a Website Through Vector Velocity Analysis"

Reference - System and method for identifying the presence of malware using mini-traps set at network endpoints - Fidelis Cybersecurity Solutions Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForIdentifyingThePresenceOfMalwareUsingMini-trapsSetAtNetworkEndpoints_FidelisCybersecuritySolutionsInc

belongs to
Patent Reference c
has facts
kb-reference-of op Decoy Network Resource
kb-reference-of op Decoy User Credential
has-link dp "https://patents.google.com/patent/US9807114B2/en?oq=US-9807114-B2"^^anyURI
kb-reference-title dp "System and method for identifying the presence of malware using mini-traps set at network endpoints"

Reference - System and method for internet security - Cylance Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForInternetSecurity_CylanceInc

belongs to
Patent Reference c
has facts
kb-reference-of op Database Query String Analysis
has-link dp "https://patents.google.com/patent/US20120117644A1"^^anyURI
kb-reference-title dp "System and method for internet security"

Reference - System and method for managed security assessment and mitigation ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForManagedSecurityAssessmentAndMitigation

belongs to
Patent Reference c
has facts
kb-reference-of op Network Vulnerability Assessment
has-link dp "https://patents.google.com/patent/US9544324B2"^^anyURI
kb-reference-title dp "System and method for managed security assessment and mitigation"

Reference - System and Method for Network Security Including Detection of Attacks Through Partner Websites - EMC IP Holding Co LLC ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForNetworkSecurityIncludingDetectionOfAttacksThroughPartnerWebsites_EMCIPHoldingCoLLC

belongs to
Patent Reference c
has facts
kb-reference-of op Web Session Activity Analysis
has-link dp "https://patents.google.com/patent/US20110302653A1/en?oq=US+20110302653+A1"^^anyURI
kb-reference-title dp "System and Method for Network Security Including Detection of Attacks Through Partner Websites"

Reference - System and Method for Process Hollowing Detection - Carbon Black Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForProcessHollowingDetection_CarbonBlackInc

belongs to
Patent Reference c
has facts
kb-reference-of op Process Self-Modification Detection
has-link dp "https://patents.google.com/patent/US20170272462A1"^^anyURI
kb-reference-title dp "System and Method for Process Hollowing Detection"

Reference - System and method for providing an actively invalidated client-side network resource cache - IMVU ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForProvidingAnActivelyInvalidatedClient-sideNetworkResourceCache_IMVU

belongs to
Patent Reference c
has facts
kb-reference-of op Authentication Cache Invalidation
has-link dp "https://patents.google.com/patent/US9578081B2/en"^^anyURI
kb-reference-title dp "System and method for providing an actively invalidated client-side network resource cache"

Reference - System and method for scanning remote services to locate stored objects with malware ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForScanningRemoteServicesToLocateStoredObjectsWithMalware

belongs to
Patent Reference c
has facts
kb-reference-of op Email Removal
has-link dp "https://patents.google.com/patent/US11368475B1/"^^anyURI
kb-reference-title dp "System and method for scanning remote services to locate stored objects with malware"

Reference - System and method for validating in-memory integrity of executable files to identify malicious activity - Endgame Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForValidatingIn-memoryIntegrityOfExecutableFilesToIdentifyMaliciousActivity_EndgameInc

belongs to
Patent Reference c
has facts
kb-reference-of op Process Code Segment Verification
has-link dp "https://patents.google.com/patent/US20190018962A1/en?oq=15648887"^^anyURI
kb-reference-title dp "System and method for validating in-memory integrity of executable files to identify malicious activity"

Reference - System and method for vulnerability risk analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForVulnerabilityRiskAssessment

belongs to
Patent Reference c
has facts
kb-reference-of op Asset Vulnerability Enumeration
has-link dp "https://patents.google.com/patent/US9317692B2"^^anyURI
kb-reference-title dp "System and method for vulnerability risk analysis"

Reference - System and method thereof for identifying and responding to security incidents based on preemptive forensics - Palo Alto Networks Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodThereofForIdentifyingAndRespondingToSecurityIncidentsBasedOnPreemptiveForensics_PaloAltoNetworksInc

belongs to
Patent Reference c
has facts
kb-reference-of op Resource Access Pattern Analysis
kb-reference-of op User Data Transfer Analysis
kb-reference-of op Web Session Activity Analysis
has-link dp "https://patents.google.com/patent/US20160142424A1"^^anyURI
kb-reference-title dp "System and method thereof for identifying and responding to security incidents based on preemptive forensics"

Reference - System and methods thereof for causality identification and attributions determination of processes in a network - Palo Alto Networks IncCyber Secdo Ltd ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodsThereofForCausalityIdentificationAndAttributionsDeterminationOfProcessesInANetwork_PaloAltoNetworksIncCyberSecdoLtd

belongs to
Patent Reference c
has facts
kb-reference-of op Process Lineage Analysis
has-link dp "https://patents.google.com/patent/US20170195350A1/en?oq=US-2017195350-A1"^^anyURI
kb-reference-title dp "System and methods thereof for causality identification and attributions determination of processes in a network"

Reference - System and methods thereof for detection of persistent threats in a computerized environment background - Palo Alto Networks IncCyber Secdo Ltd ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodsThereofForDetectionOfPersistentThreatsInAComputerizedEnvironmentBackground_PaloAltoNetworksIncCyberSecdoLtd

belongs to
Patent Reference c
has facts
has-link dp "https://patents.google.com/patent/US20170206358A1/en?oq=US-2017206358-A1"^^anyURI
kb-reference-title dp "System and methods thereof for detection of persistent threats in a computerized environment background"

Reference - System and methods thereof for identification of suspicious system processes - Palo Alto Networks Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodsThereofForIdentificationOfSuspiciousSystemProcesses_PaloAltoNetworksInc

belongs to
Patent Reference c
has facts
kb-reference-of op Process Lineage Analysis
has-link dp "https://patents.google.com/patent/US20170286683A1/en?oq=US-2017286683-A1"^^anyURI
kb-reference-title dp "System and methods thereof for identification of suspicious system processes"

Reference - System and methods thereof for logical identification of malicious threats across a plurality of end-point devices (epd) communicatively connected by a network - Palo Alto Networks IncCyber Secdo Ltd ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodsThereofForLogicalIdentificationOfMaliciousThreatsAcrossAPluralityOfEnd-pointDevicesCommunicativelyConnectedByANetwork_PaloAltoNetworksIncCyberSecdoLtd

belongs to
Patent Reference c
has facts
kb-reference-of op File Content Rules
has-link dp "https://patents.google.com/patent/US20180373870A1/en?oq=US-2018373870-A1"^^anyURI
kb-reference-title dp "System and methods thereof for logical identification of malicious threats across a plurality of end-point devices (epd) communicatively connected by a network"

Reference - System and methods thereof for preventing ransomware from encrypting data elements stored in a memory of a computer-based system - Palo Alto Networks Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodsThereofForPreventingRansomwareFromEncryptingDataElementsStoredInAMemoryOfAComputer-basedSystem_PaloAltoNetworksInc

belongs to
Patent Reference c
has facts
kb-reference-of op Decoy File
has-link dp "https://patents.google.com/patent/US20170308711A1/en?oq=US-2017308711-A1"^^anyURI
kb-reference-title dp "System and methods thereof for preventing ransomware from encrypting data elements stored in a memory of a computer-based system"

Reference - System for detecting threats using scenario-based tracking of internal and external network traffic - VECTRA NETWORKS Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemForDetectingThreatsUsingScenario-basedTrackingOfInternalAndExternalNetworkTraffic_VECTRANETWORKSInc

belongs to
Patent Reference c
has facts
kb-reference-of op Per Host Download-Upload Ratio Analysis
has-link dp "https://patents.google.com/patent/US20160191563A1"^^anyURI
kb-reference-title dp "System for detecting threats using scenario-based tracking of internal and external network traffic"

Reference - System for implementing threat detection using daily network traffic community outliers - VECTRA NETWORKS Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemForImplementingThreatDetectionUsingDailyNetworkTrafficCommunityOutliers_VECTRANETWORKSInc

belongs to
Patent Reference c
has facts
kb-reference-of op Network Traffic Community Deviation
kb-reference-of op Protocol Metadata Anomaly Detection
has-link dp "https://patents.google.com/patent/US20160191560A1"^^anyURI
kb-reference-title dp "System for implementing threat detection using daily network traffic community outliers"

Reference - System for implementing threat detection using threat and risk assessment of asset-actor interactions - VECTRA NETWORKS Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemForImplementingThreatDetectionUsingThreatAndRiskAssessmentOfAsset-actorInteractions_VECTRANETWORKSInc

belongs to
Patent Reference c
has facts
kb-reference-of op User Data Transfer Analysis
has-link dp "https://patents.google.com/patent/US20160191559A1"^^anyURI
kb-reference-title dp "System for implementing threat detection using threat and risk assessment of asset-actor interactions"

Reference - System, method, and computer program product for detecting and assessing security risks in a network - Exabeam Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-System,Method,AndComputerProgramProductForDetectingAndAssessingSecurityRisksInANetwork_ExabeamInc

belongs to
Patent Reference c
has facts
kb-reference-of op Authentication Event Thresholding
kb-reference-of op Authorization Event Thresholding
kb-reference-of op Resource Access Pattern Analysis
kb-reference-of op Session Duration Analysis
kb-reference-of op User Geolocation Logon Pattern Analysis
has-link dp "https://patents.google.com/patent/US20190034641A1"^^anyURI
kb-reference-title dp "System, method, and computer program product for detecting and assessing security risks in a network"

Reference - Systems and methods for detecting and/or handling targeted attacks in the email channel - Graphus Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemsAndMethodsForDetectingAnd_orHandlingTargetedAttacksInTheEmailChannel_GraphusInc

belongs to
Patent Reference c
has facts
kb-reference-of op Sender MTA Reputation Analysis
kb-reference-of op Sender Reputation Analysis
has-link dp "https://patents.google.com/patent/US20170324767A1"^^anyURI
kb-reference-title dp "Systems and methods for detecting and/or handling targeted attacks in the email channel"

Reference - Systems and methods for detecting credential theft - Symantec Corp ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemsAndMethodsForDetectingCredentialTheft_SymantecCorp

belongs to
Patent Reference c
has facts
kb-reference-of op Credential Compromise Scope Analysis
has-link dp "https://patents.google.com/patent/US10162962B1"^^anyURI
kb-reference-title dp "Systems and methods for detecting credential theft"

Reference - Tamper proof mutating software - ARXAN TECHNOLOGIES Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TamperProofMutatingSoftware_ARXANTECHNOLOGIESInc

belongs to
Patent Reference c
has facts
kb-reference-of op Process Code Segment Verification
has-link dp "https://patents.google.com/patent/US9262600B2/en?oq=US9262600B2"^^anyURI
kb-reference-title dp "Tamper proof mutating software"

Reference - TCG Trusted Attestation Protocol Use Cases for TPM Families 1.2 and 2.0 and DICE ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TCGTrustedAttestationProtocolUseCasesForTPMFamilies1.2And2.0AndDICE

belongs to
Specification Reference c
has facts
has-link dp "https://trustedcomputinggroup.org/wp-content/uploads/TCG_TNC_TAP_Use_Cases_v1r0p35_published.pdf"^^anyURI
kb-reference-title dp "TCG Trusted Attestation Protocol Use Cases for TPM Families 1.2 and 2.0 and DICE"

Reference - Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Technical_Specifications_for_Construction_and_Management_of_Sensitive_Compartmented_Information_Facilities

belongs to
Specification Reference c
has facts
kb-reference-of op RF Shielding
has-link dp "https://www.dni.gov/files/Governance/IC-Tech-Specs-for-Const-and-Mgmt-of-SCIFs-v15.pdf"^^anyURI
kb-reference-title dp "Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities"

Reference - Techniques for impeding and detecting network threats - Verisign Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TechniquesForImpedingAndDetectingNetworkThreats_VerisignInc

belongs to
Patent Reference c
has facts
kb-reference-of op Decoy Network Resource
has-link dp "https://patents.google.com/patent/US10904273B1/"^^anyURI
kb-reference-title dp "Techniques for impeding and detecting network threats"

Reference - Tenable Passive Network Monitoring ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TenablePassiveNetworkMonitoring

belongs to
Internet Article Reference c
has facts
kb-reference-of op Passive Logical Link Mapping
kb-reference-of op Passive Physical Link Mapping
has-link dp "https://www.tenable.com/sites/default/files/solution-briefs/SB-Passive-Network-Monitoring.pdf"^^anyURI
kb-reference-title dp "Tenable Passive Network Monitoring"

Reference - Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Testing_Metrics_for_Password_Creation_Policies_by_Attacking_Large_Sets_of_Revealed_Passwords

belongs to
Academic Paper Reference c
has facts
kb-reference-of op Strong Password Policy
has-link dp "https://www.cs.umd.edu/~jkatz/security/downloads/passwords_revealed-weir.pdf"^^anyURI
kb-reference-title dp "Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords"

Reference - The Pyramid of Pain - David Bianco ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ThePyramidOfPain-DavidBianco

belongs to
Internet Article Reference c
has facts
kb-reference-of op Identifier Activity Analysis
has-link dp "http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html"^^anyURI
kb-reference-title dp "The Pyramid of Pain"

Reference - Threat detection for return oriented programming - Crowdstrike Inc ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ThreatDetectionForReturnOrientedProgramming_CrowdstrikeInc

belongs to
Patent Reference c
has facts
kb-reference-of op Shadow Stack Comparisons
has-link dp "https://patents.google.com/patent/US20140075556A1"^^anyURI
kb-reference-title dp "Threat detection for return oriented programming"

Reference - Threat detection through the accumulated detection of threat characteristics - Sophos Ltd ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ThreatDetectionThroughTheAccumulatedDetectionOfThreatCharacteristics_SophosLtd

belongs to
Patent Reference c
has facts
kb-reference-of op Process Code Segment Verification
has-link dp "https://patents.google.com/patent/US9104864B2/en?oq=US-9104864-B2"^^anyURI
kb-reference-title dp "Threat detection through the accumulated detection of threat characteristics"

Reference - Tivoli Application Dependency Discovery Manager 7.3.0 - Dependencies between resources ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TivoliApplicationDependencyDiscoverManager7_3_0DependenciesBetweenResources

belongs to
User Manual Reference c
has facts
kb-reference-of op Data Exchange Mapping
kb-reference-of op Service Dependency Mapping
kb-reference-of op System Dependency Mapping
has-link dp "https://www.ibm.com/docs/en/taddm/7.3.0?topic=model-dependencies-between-resources"^^anyURI
kb-reference-title dp "Tivoli Application Dependency Discovery Manager 7.3.0 - Dependencies between resources"

Reference - Tokenless biometric transaction authorization method and systemni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TokenlessBiometricTransactionAuthorizationMethodAndSystem

belongs to
Patent Reference c
has facts
kb-reference-of op Biometric Authentication
has-link dp "https://patents.google.com/patent/US5870723A/"^^anyURI
kb-reference-title dp "Tokenless biometric transaction authorization method and system"

Reference - TPM 2.0 Library Specification - Trusted Computing Group, Incorporatedni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TPM2.0LibrarySpecification_TrustedComputingGroup,Incorporated

belongs to
Specification Reference c
has facts
kb-reference-of op TPM Boot Integrity
has-link dp "https://trustedcomputinggroup.org/resource/tpm-library-specification/"^^anyURI
kb-reference-title dp "TPM 2.0 Library Specification"

Reference - Trusted Attestation Protocol Use Casesni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TrustedAttestationProtocolUseCases

belongs to
Specification Reference c
has facts
has-link dp "https://trustedcomputinggroup.org/wp-content/uploads/TCG_TNC_TAP_Use_Cases_v1r0p35_published.pdf"^^anyURI
kb-reference-title dp "Trusted Attestation Protocol Use Cases"

Reference - Trusted Communications With Child Processes - Microsoft Technology Licensing LLCni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TrustedCommunicationsWithChildProcesses_MicrosoftTechnologyLicensingLLC

belongs to
Patent Reference c
has facts
has-link dp "https://patents.google.com/patent/US20120174210A1"^^anyURI
kb-reference-title dp "Trusted Communications With Child Processes"

Reference - UEFI Platform Initialization (PI) Specificationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UEFIPlatformInitialization-Specification

belongs to
Specification Reference c
has facts
kb-reference-of op Bootloader Authentication
has-link dp "https://uefi.org/sites/default/files/resources/PI_Spec_1_7_A_final_May1.pdf"^^anyURI
kb-reference-title dp "UEFI Platform Initialization (PI) Specification"

Reference - Unified Architecture Framework (UAF)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UnifiedArchitectureFrameworkUAF

belongs to
Specification Reference c
has facts
kb-reference-of op Data Exchange Mapping
kb-reference-of op Operational Activity Mapping
kb-reference-of op Operational Dependency Mapping
kb-reference-of op Organization Mapping
kb-reference-of op Service Dependency Mapping
kb-reference-of op System Dependency Mapping
has-link dp "https://www.omg.org/spec/UAF/"^^anyURI
kb-reference-title dp "Unified Architecture Framework (UAF)"

Reference - USB filter for hub malicious code prevention systemni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-USBFilterForHubMaliciousCodePreventionSystem

belongs to
Patent Reference c
has facts
kb-reference-of op IO Port Restriction
has-link dp "https://patents.google.com/patent/US9990325B2/en"^^anyURI
kb-reference-title dp "Universal serial bus (USB) filter hub malicious code prevention system"

Reference - Use DNS Policy for Applying Filters on DNS Queriesni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UseDNSPolicyForApplyingFiltersOnDNSQueries

belongs to
User Manual Reference c
has facts
has-link dp "https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/apply-filters-on-dns-queries"^^anyURI
kb-reference-title dp "Use DNS Policy for Applying Filters on DNS Queries"

Reference - Use of an application controller to monitor and control software file and application environments - Sophos Ltdni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UseOfAnApplicationControllerToMonitorAndControlSoftwareFileAndApplicationEnvironments_SophosLtd

belongs to
Patent Reference c
has facts
kb-reference-of op Dynamic Analysis
has-link dp "https://patents.google.com/patent/US20180032727A1"^^anyURI
kb-reference-title dp "Use of an application controller to monitor and control software file and application environments"

Reference - Use Rkill to Stop Malware Processes - ghacks.netni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UseRkillToStopMalwareProcesses-Ghacks.net

belongs to
Technique Reference c
has facts
kb-reference-of op Process Termination
has-link dp "https://www.ghacks.net/2011/07/29/use-rkill-to-stop-malware-processes/"^^anyURI
kb-reference-title dp "Use Rkill to Stop Malware Processes"

Reference - Using spanning tree protocol (STP) to enhance layer-2 topology mapsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UsingSpanningTreeProtocolSTPToEnhanceLayer2NetworkTopologyMaps

belongs to
Patent Reference c
has facts
kb-reference-of op Active Physical Link Mapping
has-link dp "https://patents.google.com/patent/US8045488B2"^^anyURI
kb-reference-title dp "Using spanning tree protocol (STP) to enhance layer-2 topology maps"

Reference - Virtualized process isolation - Advanced Micro Devices Incni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-VirtualizedProcessIsolation_AdvancedMicroDevicesInc

belongs to
Patent Reference c
has facts
kb-reference-of op Hardware-based Process Isolation
has-link dp "https://patents.google.com/patent/US20180081829A1"^^anyURI
kb-reference-title dp "Virtualized process isolation"

Reference - Web Authentication: An API for accessing Public Key Credentials Level 2ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-WebAuthentication_AnAPIForAccessingPublicKeyCredentials%0ALevel2

belongs to
Specification Reference c
has facts
kb-reference-of op Credential Transmission Scoping
has-link dp "https://www.w3.org/TR/webauthn-2/"^^anyURI
kb-reference-title dp "Web Authentication: An API for accessing Public Key Credentials Level 2"

Reference - Web-Based Enterprise Managementni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Web-BasedEnterpriseManagement

belongs to
Specification Reference c
has facts
kb-reference-of op Configuration Inventory
kb-reference-of op Hardware Component Inventory
kb-reference-of op Network Node Inventory
kb-reference-of op Software Inventory
has-link dp "https://www.dmtf.org/standards/wbem"^^anyURI
kb-reference-title dp "Web-Based Enterprise Management"

Reference - What is NX/XD feature?ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-WhatIsNX_XDFeature_RedHat

belongs to
Internet Article Reference c
has facts
kb-reference-of op Process Segment Execution Prevention
has-link dp "https://access.redhat.com/solutions/2936741"^^anyURI
kb-reference-title dp "What is NX/XD feature?"

Reference - Windows 10 STIGni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Windows10STIG

belongs to
Guideline Reference c
has facts
kb-reference-of op Application Configuration Hardening
has-link dp "https://www.stigviewer.com/stig/windows_10/"^^anyURI
kb-reference-title dp "Windows 10 Security Technical Implementation Guide"

Reference - Windows Management Infrastructure (MI)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Windows-Management-Infrastructure

belongs to
Specification Reference c
has facts
kb-reference-of op Configuration Inventory
kb-reference-of op Hardware Component Inventory
kb-reference-of op Network Node Inventory
kb-reference-of op Software Inventory
has-link dp "https://docs.microsoft.com/en-us/previous-versions/windows/desktop/wmi_v2/windows-management-infrastructure"^^anyURI
kb-reference-title dp "Windows Management Infrastructure"

Reference - Windows Management Instrumentation (WMI)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Windows-Management-Instrumentation

belongs to
Specification Reference c
has facts
kb-reference-of op Configuration Inventory
kb-reference-of op Hardware Component Inventory
kb-reference-of op Network Node Inventory
kb-reference-of op Software Inventory
has-link dp "https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page"^^anyURI
kb-reference-title dp "Windows Management Instrumentation"

Reflection Amplificationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1498.002

has facts
produces op Inbound Internet Network Traffic
is also defined as
class

Reflective Code Loadingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1620

has facts
modifies op Process Segment
is also defined as
class

reg open key ani back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegOpenKeyA

belongs to
Get System Config Value c

reg open key ex ani back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegOpenKeyExA

belongs to
Get System Config Value c

reg open key ex wni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegOpenKeyExW

belongs to
Get System Config Value c

reg open key transacted ani back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegOpenKeyTransactedA

belongs to
Get System Config Value c

reg open key transacted wni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegOpenKeyTransactedW

belongs to
Get System Config Value c

reg open key wni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegOpenKeyW

belongs to
Get System Config Value c

reg set key value ani back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegSetKeyValueA

belongs to
Set System Config Value c

reg set key value wni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegSetKeyValueW

belongs to
Set System Config Value c

reg set value ani back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegSetValueA

belongs to
Set System Config Value c

reg set value ex ani back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegSetValueExA

belongs to
Set System Config Value c

reg set value ex wni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegSetValueExW

belongs to
Set System Config Value c

reg set value wni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegSetValueW

belongs to
Set System Config Value c

Registry Run Keys / Startup Folderni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.001

has facts
may-modify op System Configuration Init Database Record
may-modify op User Startup Script File
is also defined as
class

Relay Pattern Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RelayPatternAnalysis

belongs to
Network Traffic Analysis c
has facts
analyzes op Outbound Internet Network Traffic
kb-reference op Reference - Malicious relay detection on networks - VECTRA NETWORKS Inc
d3fend-id dp "D3-RPA"
is also defined as
class

Remote Access Softwareni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1219

has facts
produces op Outbound Internet Network Traffic
is also defined as
class

Remote Data Stagingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1074.002

has facts
modifies op Network Resource
is also defined as
class

Remote Data Storageni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1029

belongs to
ATTACK Mitigation c
has facts
d3fend-comment dp "IT disaster recovery plans are outside the current scope of D3FEND."

Remote Desktop Protocolni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.001

has facts
creates op RDP Session
produces op Administrative Network Traffic
is also defined as
class

Remote Email Collectionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114.002

has facts
accesses op Mail Server
is also defined as
class

Remote Service Session Hijackingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1563

has facts
accesses op Remote Session
produces op Administrative Network Traffic
is also defined as
class

Remote Servicesni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021

has facts
produces op Intranet Network Traffic
is also defined as
class

Remote System Discoveryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1018

has facts
may-access op Operating System Configuration File
may-invoke op Create Process
may-invoke op Create Socket
produces op Network Traffic
is also defined as
class

Remote Terminal Session Detectionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteTerminalSessionDetection

belongs to
Network Traffic Analysis c
has facts
analyzes op Network Traffic
kb-reference op Reference - Method and system for detecting external control of compromised hosts - VECTRA NETWORKS Inc
kb-reference op Reference - CAR-2013-07-002: RDP Connection Detection - MITRE
kb-reference op Reference - CAR-2016-04-005: Remote Desktop Logon - MITRE
d3fend-id dp "D3-RTSD"
is also defined as
class

Rename System Utilitiesni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.003

has facts
may-create op Executable File
may-modify op Operating System Executable File
is also defined as
class

Replication Through Removable Mediani back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1091

has facts
executes op Removable Media Device
is also defined as
class

Resource Access Pattern Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ResourceAccessPatternAnalysis

belongs to
User Behavior Analysis c
has facts
analyzes op Authentication
analyzes op Authorization
kb-reference op Reference - Host intrusion prevention system using software and user behavior analysis - Sophos Ltd
kb-reference op Reference - Method and Apparatus for Network Fraud Detection and Remediation Through Analytics - Idaptive LLC
kb-reference op Reference - Modeling user access to computer resources - Daedalus Group LLC (formerly IBM)
kb-reference op Reference - System and method thereof for identifying and responding to security incidents based on preemptive forensics - Palo Alto Networks Inc
kb-reference op Reference - System, method, and computer program product for detecting and assessing security risks in a network - Exabeam Inc
d3fend-id dp "D3-RAPA"
is also defined as
class

Resource Development Techniqueni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ResourceDevelopmentTechnique

has facts
enables op reconnaissance
is also defined as
class

Resource Forkingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.009

has facts
may-create op Resource Fork
may-modify op Resource Fork
is also defined as
class

Restrict File and Directory Permissionsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1022

belongs to
ATTACK Mitigation c
has facts
related op Local File Permissions

Restrict Library Loadingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1044

belongs to
ATTACK Mitigation c
has facts
related op System Call Filtering
d3fend-comment dp "D3-SCF is one possible way to filter library loading."

Restrict Registry Permissionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1024

belongs to
ATTACK Mitigation c
has facts
related op System Configuration Permissions

Restrict Web-Based Contentni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1021

belongs to
ATTACK Mitigation c
has facts
related op DNS Allowlisting
related op DNS Denylisting
related op File Analysis
related op Inbound Traffic Filtering
related op Network Traffic Analysis
related op Outbound Traffic Filtering
related op URL Analysis
d3fend-comment dp "M1021 scope is broad, touches on a wide variety of techniques in d3fend."

Reverse Resolution Domain Denylistingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReverseResolutionDomainDenylisting

belongs to
DNS Denylisting c
has facts
blocks op Inbound Internet DNS Response Traffic
d3fend-id dp "D3-RRDD"
is also defined as
class

Reverse Resolution IP Denylistingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReverseResolutionIPDenylisting

belongs to
DNS Denylisting c
has facts
blocks op Outbound Internet DNS Lookup Traffic
kb-reference op Reference - Use DNS Policy for Applying Filters on DNS Queries
d3fend-id dp "D3-RRID"
is also defined as
class

RF Shieldingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RFShielding

belongs to
Platform Hardening c
has facts
kb-reference op Reference - Privacy and security systems and methods of use
kb-reference op Reference - Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities
d3fend-id dp "D3-RFS"
is also defined as
class

Right-to-Left Overrideni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.002

has facts
modifies op File System Metadata
is also defined as
class

Rogue Domain Controllerni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1207

has facts
modifies op System Configuration Database
produces op Intranet Administrative Network Traffic
is also defined as
class

Rootkitni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1014

has facts
may-modify op Boot Sector
may-modify op Firmware
may-modify op Kernel
may-modify op Kernel Module
may-modify op Shared Library File
is also defined as
class

RPC Traffic Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RPCTrafficAnalysis

belongs to
Network Traffic Analysis c
has facts
analyzes op RPC Network Traffic
kb-reference op Reference - CAR-2014-11-007: Remote Windows Management Instrumentation (WMI) over RPC - MITRE
kb-reference op Reference - CAR-2016-03-002: Create Remote Process via WMIC - MITRE
kb-reference op Reference - RPC call interception - Crowdstrike Inc
kb-reference op Reference - CAR-2014-03-005: Remotely Launched Executables via Services - MITRE
kb-reference op Reference - CAR-2014-12-001: Remotely Launched Executables via WMI - MITRE
kb-reference op Reference - CAR-2015-04-002: Remotely Scheduled Tasks via Schtasks - MITRE
kb-reference op Reference - CAR-2014-03-001: SMB Write Request - NamedPipes - MITRE
kb-reference op Reference - CAR-2014-05-001: RPC Activity - MITRE
d3fend-id dp "D3-RTA"
is also defined as
class

Ruby Script Fileni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RubyScriptFile

belongs to
Executable Script c

Run Virtual Instanceni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.006

has facts
creates op File
executes op Virtualization Software
may-add op Virtualization Software
may-create op Directory
is also defined as
class

Rundll32 Executionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.011

has facts
invokes op Create Process
loads op Shared Library File
is also defined as
class

Runtime Data Manipulationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1565.003

has facts
may-modify op Executable File
is also defined as
class

SA-10(1)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-10_1

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
related op Firmware Verification
related op Platform Hardening
control-name dp "Developer Configuration Management | Software and Firmware Integrity Verification"

SA-10(3)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-10_3

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
related op Firmware Verification
control-name dp "Developer Configuration Management | Hardware Integrity Verification"

SA-10(4)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-10_4

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
related op Firmware Verification
control-name dp "Developer Configuration Management | Trusted Generation"

SA-10(5)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-10_5

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
related op Firmware Verification
related op Platform Hardening
control-name dp "Developer Configuration Management | Mapping Integrity for Version Control"

SA-10(6)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-10_6

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
related op Firmware Verification
related op Platform Hardening
control-name dp "Developer Configuration Management | Trusted Distribution"

SA-11(1)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-11_1

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
related op Application Hardening
control-name dp "Developer Testing and Evaluation | Static Code Analysis"

SA-11(8)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-11_8

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
related op Application Hardening
control-name dp "Developer Testing and Evaluation | Dynamic Code Analysis"

SA-8(18)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-8_18

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
related op Encrypted Tunnels
control-name dp "Security and Privacy Engineering Principles | Trusted Communications Channels"

SA-8(22)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-8_22

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
related op Domain Account Monitoring
control-name dp "Security and Privacy Engineering Principles | Accountability and Traceability"

Safe Mode Bootni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.009

has facts
disables op Endpoint Sensor
disables op System Configuration Init Database Record
may-modify op Endpoint Health Beacon
is also defined as
class

SC-2ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SC-2

belongs to
NIST Control c
has facts
broader op Local File Permissions
broader op Mandatory Access Control
broader op System Configuration Permissions
member-of op NIST SP 800-53 R5
control-name dp "Separation of System and User Functionality"

SC-2(1)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SC-2_1

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Local File Permissions
narrower op Mandatory Access Control
narrower op System Configuration Permissions
control-name dp "Separation of System and User Functionality | Interfaces for Non-privileged Users"

SC-3ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SC-3

belongs to
NIST Control c
has facts
broader op Execution Isolation
broader op Network Isolation
member-of op NIST SP 800-53 R5
control-name dp "Security Function Isolation"

SC-3(1)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SC-3_1

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Execution Isolation
control-name dp "Security Function Isolation | Hardware Separation"

Scheduled Job Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ScheduledJobAnalysis

belongs to
Operating System Monitoring c
has facts
analyzes op Task Schedule
kb-reference op Reference - CAR-2013-05-004: Execution with AT - MITRE
kb-reference op Reference - CAR-2013-08-001: Execution with schtasks - MITRE
kb-reference op Reference - Preventing execution of task scheduled malware - McAfee LLC
d3fend-id dp "D3-SJA"
is also defined as
class

Scheduled Task/Job Executionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053

has facts
invokes op Create Process
modifies op Task Schedule
is also defined as
class

Scheduled Transferni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1029

has facts
produces op Internet Network Traffic
is also defined as
class

Screen Captureni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1113

has facts
may-access op Display Server
may-invoke op Get Screen Capture
is also defined as
class

Screensaverni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.002

has facts
creates op Executable File
modifies op System Configuration Database Record
is also defined as
class

Script Application Processni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ScriptApplicationProcess

has facts
interprets op Executable Script
is also defined as
class

Script Execution Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ScriptExecutionAnalysis

belongs to
Process Analysis c
has facts
analyzes op Script Application Process
kb-reference op Reference - Detecting script-based malware - Crowdstrike Inc
d3fend-id dp "D3-SEA"
is also defined as
class

Security Account Managerni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.002

has facts
may-access op Authentication Service
may-access op Process
may-access op System Password Database
is also defined as
class

Security Software Discoveryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1518.001

has facts
may-access op File System Metadata
may-access op Kernel Process Table
may-access op System Configuration Database Record
may-access op System Firewall Configuration
may-invoke op Get Running Processes
is also defined as
class

Security Support Providerni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.005

has facts
modifies op System Configuration Database Record
is also defined as
class

Security Tokenni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SecurityToken

has facts
contains op Access Token
is also defined as
class

Securityd Memoryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.002

has facts
accesses op In-memory Password Store
is also defined as
class

Segment Address Offset Randomizationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SegmentAddressOffsetRandomization

belongs to
Application Hardening c
has facts
kb-reference op Reference - /DYNAMICBASE (Use address space layout randomization) - Microsoft Docs
kb-reference op Reference - How ASLR protects Linux systems from buffer overflow attacks - Network World
obfuscates op Process Segment
d3fend-id dp "D3-SAOR"
is also defined as
class

Sender MTA Reputation Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SenderMTAReputationAnalysis

belongs to
Message Analysis c
has facts
analyzes op Email
kb-reference op Reference - Systems and methods for detecting and/or handling targeted attacks in the email channel - Graphus Inc
d3fend-id dp "D3-SMRA"
is also defined as
class

Sender Reputation Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SenderReputationAnalysis

belongs to
Message Analysis c
has facts
analyzes op Email
kb-reference op Reference - Systems and methods for detecting and/or handling targeted attacks in the email channel - Graphus Inc
d3fend-id dp "D3-SRA"
is also defined as
class

Serverni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Server

has facts
manages op Service Application Process
runs op Service Application
is also defined as
class

Server-Side Request Forgery (SSRF)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-918

has facts
weakness of op User Input Function
is also defined as
class

Service Binary Verificationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ServiceBinaryVerification

belongs to
System File Analysis c
has facts
kb-reference op Reference - CAR-2014-02-001: Service Binary Modifications - MITRE
verifies op Service Application
d3fend-id dp "D3-SBV"
is also defined as
class

Service Dependency Mappingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ServiceDependencyMapping

belongs to
System Mapping c
has facts
kb-reference op Reference - Catia UAF Plugin
kb-reference op Reference - Tivoli Application Dependency Discovery Manager 7.3.0 - Dependencies between resources
kb-reference op Reference - Unified Architecture Framework (UAF)
maps op Service Dependency
d3fend-id dp "D3-SVCDM"
is also defined as
class

Service Exhaustion Floodni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1499.002

has facts
produces op Inbound Internet Network Traffic
is also defined as
class

Services File Permissions Weaknessni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.010

has facts
modifies op Service Application
is also defined as
class

Services Registry Permissions Weaknessni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.011

has facts
modifies op System Configuration Init Database Record
is also defined as
class

Session Duration Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SessionDurationAnalysis

belongs to
User Behavior Analysis c
has facts
analyzes op Authentication
analyzes op Authorization
kb-reference op Reference - Method and Apparatus for Network Fraud Detection and Remediation Through Analytics - Idaptive LLC
kb-reference op Reference - System, method, and computer program product for detecting and assessing security risks in a network - Exabeam Inc
d3fend-id dp "D3-SDA"
is also defined as
class

Set System Config Valueni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SetSystemConfigValue

has facts
modifies op System Configuration Database Record
is also defined as
class

Setuid and Setgidni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.001

has facts
modifies op Access Control Configuration
is also defined as
class

Shadow Stackni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ShadowStack

has facts
copy-of op Call Stack
is also defined as
class

Shadow Stack Comparisonsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ShadowStackComparisons

belongs to
Process Analysis c
has facts
analyzes op Stack Frame
kb-reference op Reference - Threat detection for return oriented programming - Crowdstrike Inc
d3fend-id dp "D3-SSC"
is also defined as
class

Shared Resource Access Functionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SharedResourceAccessFunction

has facts
accesses op Resource
is also defined as
class

Sharepointni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1213.002

has facts
accesses op Web File Resource
is also defined as
class

Shortcut Modificationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.009

has facts
may-modify op Symbolic Link
may-modify op User Startup Script File
is also defined as
class

SI-2(4)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-2_4

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Software Update
control-name dp "Flaw Remediation | Automated Patch Management Tools"

SI-2(5)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-2_5

belongs to
NIST Control c
has facts
exactly op Firmware Verification
exactly op Peripheral Firmware Verification
exactly op Software Update
exactly op System Firmware Verification
member-of op NIST SP 800-53 R5
control-name dp "Flaw Remediation | Automatic Software and Firmware Updates"

SI-2(6)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-2_6

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Firmware Verification
narrower op Peripheral Firmware Verification
narrower op Software Update
narrower op System Firmware Verification
control-name dp "Flaw Remediation | Removal of Previous Versions of Software and Firmware"

SI-3ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-3

belongs to
NIST Control c
has facts
broader op File Analysis
broader op Network Traffic Analysis
broader op Platform Monitoring
broader op Process Analysis
member-of op NIST SP 800-53 R5
control-name dp "Malicious Code Protection"

SI-3(10)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-3_10

belongs to
NIST Control c
has facts
exactly op Dynamic Analysis
member-of op NIST SP 800-53 R5
control-name dp "Malicious Code Protection | Malicious Code Analysis"

SI-3(4)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-3_4

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Local File Permissions
narrower op Mandatory Access Control
narrower op System Configuration Permissions
control-name dp "Malicious Code Protection | Updates Only by Privileged Users"

SI-3(8)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-3_8

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op User Behavior Analysis
control-name dp "Malicious Code Protection | Detect Unauthorized Commands"

SI-4ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-4

belongs to
NIST Control c
has facts
broader op Operating System Monitoring
member-of op NIST SP 800-53 R5
control-name dp "System Monitoring"

SI-4(2)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-4_2

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Network Traffic Analysis
control-name dp "System Monitoring | Automated Tools and Mechanisms for Real-time Analysis"

SI-4(4)ni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-4_4

belongs to
NIST Control c
has facts
member-of op NIST SP 800-53 R5
narrower op Network Traffic Analysis
control-name dp "System Monitoring | Inbound and Outbound Communications Traffic"

SID-History Injectionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.005

has facts
modifies op Access Control Configuration
is also defined as
class

SIP and Trust Provider Hijackingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.003

has facts
modifies op System Configuration Database Record
is also defined as
class

Softwareni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Software

has facts
contains op Executable File
instructs op Process
is also defined as
class

Software Configurationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1054

belongs to
ATTACK Mitigation c
has facts
related op Application Configuration Hardening
related op Certificate Pinning

Software Deployment Tools Executionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1072

has facts
adds op File
executes op Software Deployment Tool
installs op Software
is also defined as
class

Software Inventoryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareInventory

belongs to
Asset Inventory c
has facts
inventories op Software
kb-reference op Reference - Web-Based Enterprise Management
kb-reference op Reference - Windows Management Infrastructure (MI)
kb-reference op Reference - Windows Management Instrumentation (WMI)
d3fend-id dp "D3-SWI"
is also defined as
class

Software Libraryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareLibrary

has facts
contains op Software Library File
is also defined as
class

Software Library Fileni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareLibraryFile

has facts
contains op Subroutine
may-contain op Executable Binary
may-contain op Executable Script
is also defined as
class

Software Packingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.002

has facts
obfuscates op Executable File
is also defined as
class

Software Updateni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareUpdate

belongs to
Platform Hardening c
has facts
kb-reference op Reference - Method and system for providing software updates to local machines
updates op Software
d3fend-id dp "D3-SU"
is also defined as
class

Source Codeni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SourceCode

belongs to
Reference Type c
is also defined as
class

Space after Filenameni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.006

has facts
creates op File
is also defined as
class

Spearphishing Attachmentni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1566.001

has facts
produces op Email
produces op Inbound Internet Mail Traffic
is also defined as
class

Spearphishing Linkni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1566.002

has facts
produces op Email
produces op Inbound Internet Mail Traffic
produces op URL
is also defined as
class

Spearphishing Via Serviceni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1566.003

has facts
produces op File
produces op URL
is also defined as
class

SQL Stored Proceduresni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.001

has facts
creates op Stored Procedure
invokes op Create Process
is also defined as
class

SSHni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.004

has facts
creates op SSH Session
produces op Administrative Network Traffic
is also defined as
class

SSH Hijackingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1563.001

has facts
accesses op SSH Session
is also defined as
class

SSL/TLS Inspectionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1020

belongs to
ATTACK Mitigation c
has facts
related op Network Traffic Analysis
d3fend-comment dp "D3FEND models this as an infrastructure dependency to support D3-NTA."

Stack Frameni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StackFrame

has facts
may-contain op Pointer
may-contain op Stack Frame Canary
is also defined as
class

Stack Frame Canary Validationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StackFrameCanaryValidation

belongs to
Application Hardening c
has facts
kb-reference op Reference - /GS (Buffer Security Check) - Microsoft Docs
kb-reference op Reference - Security Technologies: Stack Smashing Protection (StackGuard) - Red Hat
validates op Stack Frame
d3fend-id dp "D3-SFCV"
is also defined as
class

Stack Segmentni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StackSegment

has facts
contains op Stack Frame
is also defined as
class

Standalone Honeynetni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StandaloneHoneynet

belongs to
Decoy Environment c
has facts
kb-reference op Reference - Dynamic selection and generation of a virtual clone for detonation of suspicious content within a honey network - Palo Alto Networks Inc
spoofs op Intranet Network
d3fend-id dp "D3-SHN"
is also defined as
class

Startup Itemsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.005

has facts
modifies op System Startup Directory
is also defined as
class

Steal Application Access Tokenni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1528

has facts
accesses op Access Token
is also defined as
class

Steal or Forge Kerberos Ticketsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558

has facts
may-access op Kerberos Ticket
may-create op Kerberos Ticket
is also defined as
class

Steal Web Session Cookieni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1539

has facts
accesses op Session Cookie
is also defined as
class

Step 1 - Copy Tokenni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#step-1

belongs to
step c
has facts
invokes op Copy Token
next op Step 2 - Impersonate User

Step 2 - Impersonate Userni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#step-2

belongs to
step c
has facts
creates op Authentication
invokes op Impersonate User

Storageni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Storage

has facts
may-contain op File System
is also defined as
class

Stored Data Manipulationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1565.001

has facts
modifies op File
is also defined as
class

Strong Password Policyni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StrongPasswordPolicy

belongs to
Credential Hardening c
has facts
kb-reference op Reference - Digital Identity Guidelines 800-63-3
kb-reference op Reference - Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords
strengthens op Password
strengthens op User Account
d3fend-id dp "D3-SPP"
is also defined as
class

Sudo and Sudo Cachingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.003

has facts
may-modify op Event Log
modifies op Operating System Configuration File
is also defined as
class

Supply Chain Compromiseni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1195

has facts
modifies op Digital Artifact
is also defined as
class

Suspend Processni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SuspendProcess

has facts
evicts op Process
is also defined as
class

Symmetric Cryptographyni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1573.001

has facts
creates op Outbound Internet Encrypted Traffic
is also defined as
class

System Callni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemCall

has facts
executes op Subroutine
is also defined as
class

System Call Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemCallAnalysis

belongs to
Process Analysis c
has facts
analyzes op System Call
kb-reference op Reference - CAR-2019-08-001: Credential Dumping via Windows Task Manager - MITRE
kb-reference op Reference - CAR-2013-10-002: DLL Injection via Load Library - MITRE
kb-reference op Reference - Deterministic method for detecting and blocking of exploits on interpreted code - K2 Cyber Security Inc
kb-reference op Reference - Hardware-assisted system and method for detecting and analyzing system calls made to an operating system kernel - Endgame Inc
kb-reference op Reference - Malware detection in event loops - Crowdstrike Inc
kb-reference op Reference - Post sandbox methods and systems for detecting and blocking zero-day exploits via api call validation - K2 Cyber Security Inc
kb-reference op Reference - CAR-2020-05-001: MiniDump of LSASS - MITRE
kb-reference op Reference - CAR-2021-05-011: Create Remote Thread into LSASS - MITRE
d3fend-id dp "D3-SCA"
is also defined as
class

System Call Filteringni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemCallFiltering

belongs to
Kernel-based Process Isolation c
has facts
filters op System Call
kb-reference op Reference - Overview of the seccomp sandbox
d3fend-id dp "D3-SCF"
is also defined as
class

System Configuration Databaseni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemConfigurationDatabase

has facts
contains op System Configuration Database Record
is also defined as
class

System Configuration Permissionsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemConfigurationPermissions

belongs to
Platform Hardening c
has facts
kb-reference op Reference - How to change registry values or permissions from a command line or a script
restricts op System Configuration Database
d3fend-id dp "D3-SCP"
is also defined as
class

System Daemon Monitoringni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemDaemonMonitoring

belongs to
Operating System Monitoring c
has facts
kb-reference op Reference - Host intrusion prevention system using software and user behavior analysis - Sophos Ltd
kb-reference op Reference - Method using kernel mode assistance for the detection and removal of threats which are actively preventing detection and removal from a running system - Symantec Corporation
kb-reference op Reference - CAR-2016-04-003: User Activity from Stopping Windows Defensive Services - MITRE
monitors op Operating System Process
d3fend-id dp "D3-SDM"
is also defined as
class

System Dependency Mappingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemDependencyMapping

belongs to
System Mapping c
has facts
kb-reference op Reference - Catia UAF Plugin
kb-reference op Reference - Software vulnerability graph database
kb-reference op Reference - Tivoli Application Dependency Discovery Manager 7.3.0 - Dependencies between resources
kb-reference op Reference - Unified Architecture Framework (UAF)
maps op System Dependency
d3fend-id dp "D3-SYSDM"
is also defined as
class

System File Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemFileAnalysis

belongs to
Operating System Monitoring c
has facts
analyzes op Operating System File
kb-reference op Reference - CAR-2019-07-001: Access Permission Modification - MITRE
kb-reference op Reference - CAR-2013-01-002: Autorun Differences - MITRE
kb-reference op Reference - CAR-2016-04-002: User Activity from Clearing Event Logs - MITRE
d3fend-id dp "D3-SFA"
is also defined as
class

System Firewall Configurationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemFirewallConfiguration

has facts
configures op Host-based Firewall
is also defined as
class

System Firmwareni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542.001

has facts
modifies op System Firmware
is also defined as
class

System Firmware Verificationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemFirmwareVerification

belongs to
Firmware Verification c
has facts
kb-reference op Reference - Firmware Verification Eclypsium
kb-reference op Reference - Platform Firmware Resiliency Guidelines - NIST
verifies op System Firmware
d3fend-id dp "D3-SFV"
is also defined as
class

System Information Discoveryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1082

has facts
may-access op Decoy Artifact
may-invoke op Create Process
is also defined as
class

System Init Config Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemInitConfigAnalysis

belongs to
Operating System Monitoring c
has facts
analyzes op System Init Configuration
kb-reference op Reference - CAR-2013-01-002: Autorun Differences - MITRE
kb-reference op Reference - CAR-2020-09-005: AppInit DLLs - MITRE
kb-reference op Reference - CAR-2020-11-001: Boot or Logon Initialization Scripts - MITRE
d3fend-id dp "D3-SICA"
is also defined as
class

System Language Discoveryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1614.001

has facts
queries op System Configuration Database
is also defined as
class

System Location Discoveryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1614

has facts
accesses op Configuration Resource
is also defined as
class

System Mappingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemMapping

belongs to
Defensive Technique c
has facts
enables op Model
d3fend-id dp "D3-SYSM"
is also defined as
class

System Network Configuration Discoveryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1016

has facts
may-execute op Executable Script
may-invoke op Create Process
may-invoke op Get System Network Config Value
is also defined as
class

System Network Connections Discoveryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1049

has facts
may-invoke op Get Open Sockets
is also defined as
class

System Owner/User Discoveryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1033

has facts
may-access op Directory Service
may-access op Get System Config Value
may-access op Password File
may-access op Process Segment
may-invoke op Copy Token
may-invoke op Create Process
is also defined as
class

System Service Discoveryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1007

has facts
may-invoke op Create Process
may-invoke op Get Running Processes
is also defined as
class

System Service Softwareni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemServiceSoftware

has facts
contains op Operating System File
is also defined as
class

System Time Discoveryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1124

has facts
may-invoke op Create Process
may-invoke op Get System Time
is also defined as
class

System Vulnerability Assessmentni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemVulnerabilityAssessment

belongs to
System Mapping c
has facts
evaluates op Digital System
identifies op vulnerability
kb-reference op Reference - Software vulnerability graph database
d3fend-id dp "D3-SYSVA"
is also defined as
class

Systemd Serviceni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.002

has facts
may-create op Operating System Configuration File
may-modify op Operating System Configuration File
is also defined as
class

Taint Shared Contentni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1080

has facts
modifies op Network Resource
is also defined as
class

Terminate Processni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TerminateProcess

has facts
terminates op Process
is also defined as
class

Thread Execution Hijackingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.003

has facts
invokes op System Call
may-add op Executable Binary
is also defined as
class

Thread Local Storageni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.005

has facts
invokes op System Call
is also defined as
class

Thread Start Functionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ThreadStartFunction

has facts
executes op Thread
is also defined as
class

Threat Intelligence Programni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1019

belongs to
ATTACK Mitigation c
has facts
d3fend-comment dp "Establishing and running a Threat Intelligence Program is outside the scope of D3FEND."

Time Based Evasionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1497.003

has facts
may-invoke op Get System Time
may-run op System Time Application
is also defined as
class

Time Providersni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.003

has facts
modifies op System Configuration Database Record
is also defined as
class

Timestompni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.006

has facts
forges op File System Metadata
is also defined as
class

Token Impersonation/Theftni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.001

belongs to
Access Token c
has facts
copies op Access Token
is also defined as
class

TPM Boot Integrityni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TPMBootIntegrity

belongs to
Platform Hardening c
has facts
kb-reference op Reference - TCG Trusted Attestation Protocol Use Cases for TPM Families 1.2 and 2.0 and DICE
kb-reference op Reference - Trusted Attestation Protocol Use Cases
kb-reference op Reference - TPM 2.0 Library Specification - Trusted Computing Group, Incorporated
d3fend-id dp "D3-TBI"
is also defined as
class

Trace Processni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TraceProcess

has facts
monitors op Process
is also defined as
class

Traffic Signalingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1205

has facts
produces op Network Traffic
is also defined as
class

Transfer Agent Authenticationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TransferAgentAuthentication

belongs to
Message Hardening c
has facts
kb-reference op Reference - RFC 6376: DomainKeys Identified Mail (DKIM) Signatures - IETF
kb-reference op Reference - RFC 7208: Sender Policy Framework (SPF) for Authorizing Use of Domains in Email - IETF
kb-reference op Reference - RFC 7489: Domain-based Message Authentication, Reporting, and Conformance (DMARC) - IETF
d3fend-id dp "D3-TAAN"
is also defined as
class

Transmitted Data Manipulationni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1565.002

has facts
may-modify op Network Traffic
is also defined as
class

Transport Agentni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.002

has facts
adds op Message Transfer Agent
modifies op Mail Server
is also defined as
class

Trapni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.005

has facts
executes op Command
may-create op Executable Script
may-modify op Executable Script
modifies op Event Log
is also defined as
class

Trusted Relationshipni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1199

has facts
creates op Login Session
produces op Intranet Network Traffic
is also defined as
class

Two-Factor Authentication Interceptionni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1111

has facts
may-access op Security Token
is also defined as
class

Unrestricted Upload of File with Dangerous Typeni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-434

has facts
weakness of op User Input Function
is also defined as
class

Unsecured Credentialsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552

has facts
accesses op Credential
is also defined as
class

Update Softwareni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1051

belongs to
ATTACK Mitigation c
has facts
related op Software Update

URLni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#URL

has facts
addresses op Resource
is also defined as
class

URL Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#URLAnalysis

belongs to
Identifier Analysis c
has facts
analyzes op URL
kb-reference op Reference - Method and Apparatus for Detecting Malicious Websites - Endgame Inc
kb-reference op Reference - Method and system for detecting restricted content associated with retrieved content - Sophos Ltd
d3fend-id dp "D3-UA"
is also defined as
class

URL Reputation Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#URLReputationAnalysis

belongs to
Identifier Reputation Analysis c
has facts
analyzes op URL
kb-reference op Reference - Finding phishing sites
d3fend-id dp "D3-URA"
is also defined as
class

Use Alternate Authentication Materialni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550

has facts
accesses op Authentication Service
is also defined as
class

Use of Hard-coded Credentialsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-798

has facts
weakness of op Authentication Function
is also defined as
class

Userni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#User

has facts
has-account op User Account
is also defined as
class

User Account Controlni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1052

belongs to
ATTACK Mitigation c
has facts
related op Mandatory Access Control

User Account Managementni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1018

belongs to
ATTACK Mitigation c
has facts
related op Local File Permissions
related op Mandatory Access Control
related op System Configuration Permissions

User Account Permissionsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserAccountPermissions

belongs to
Credential Hardening c
has facts
kb-reference op Reference - Configure User Access Control and Permissions
restricts op User Account
d3fend-id dp "D3-UAP"
is also defined as
class

User Behaviorni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserBehavior

has facts
contains op User Action
is also defined as
class

User Behavior Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserBehaviorAnalysis

belongs to
Defensive Technique c
has facts
enables op Detect
d3fend-id dp "D3-UBA"
is also defined as
class

User Data Transfer Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserDataTransferAnalysis

belongs to
User Behavior Analysis c
has facts
analyzes op Resource Access
kb-reference op Reference - System and method thereof for identifying and responding to security incidents based on preemptive forensics - Palo Alto Networks Inc
kb-reference op Reference - System for implementing threat detection using threat and risk assessment of asset-actor interactions - VECTRA NETWORKS Inc
d3fend-id dp "D3-UDTA"
is also defined as
class

User Geolocation Logon Pattern Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserGeolocationLogonPatternAnalysis

belongs to
User Behavior Analysis c
has facts
analyzes op Network Traffic
kb-reference op Reference - Method and Apparatus for Network Fraud Detection and Remediation Through Analytics - Idaptive LLC
kb-reference op Reference - System, method, and computer program product for detecting and assessing security risks in a network - Exabeam Inc
d3fend-id dp "D3-UGLPA"
is also defined as
class

User Manualni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserManual

belongs to
Reference Type c
is also defined as
class

User Session Init Config Analysisni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserSessionInitConfigAnalysis

belongs to
Operating System Monitoring c
has facts
analyzes op User Init Configuration File
kb-reference op Reference - Identification and extraction of key forensics indicators of compromise using subject-specific filesystem views
kb-reference op Reference - Registry Key Security and Access Rights
kb-reference op Reference - CAR-2020-09-002: Component Object Model Hijacking - MITRE
kb-reference op Reference - CAR-2020-11-011: Registry Edit from Screensaver
d3fend-id dp "D3-USICA"
is also defined as
class

User Startup Directoryni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserStartupDirectory

has facts
contains op User Startup Script File
is also defined as
class

User to User Messageni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserToUserMessage

has facts
has-recipient op User Account
has-sender op User Account
is also defined as
class

User Trainingni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1017

belongs to
ATTACK Mitigation c
has facts
d3fend-comment dp "Modeling user training is outside the scope of D3FEND."

Valid Accountsni back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078

has facts
produces op Authentication
produces op Authorization
uses op User Account
is also defined as
class

VBA Stomping ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.007

has facts
modifies op Office Application File
is also defined as
class

VDSO Hijacking ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.014

has facts
accesses op Shared Library File
invokes op System Call
is also defined as
class

Video Capture ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1125

has facts
accesses op Video Input Device
is also defined as
class

Vulnerability Scanning ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1016

belongs to
ATTACK Mitigation c
has facts
d3fend-comment dp "Future D3FEND releases will model the scanning and inventory domains."

Web Authentication ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebAuthentication

has facts
may-create op Session Cookie
is also defined as
class

Web File Resource ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebFileResource

has facts
addressed-by op URL
is also defined as
class

Web Portal Capture ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.003

has facts
modifies op Web Server Application
is also defined as
class

Web Protocols ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.001

has facts
may-transfer op Certificate File
produces op Outbound Internet Web Traffic
is also defined as
class

Web Service ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1102

has facts
produces op Outbound Internet Web Traffic
is also defined as
class

Web Session Activity Analysis ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebSessionActivityAnalysis

belongs to
User Behavior Analysis c
has facts
analyzes op Web Resource Access
kb-reference op Reference - Host intrusion prevention system using software and user behavior analysis - Sophos Ltd
kb-reference op Reference - System and Method for Detection of a Change in Behavior in the Use of a Website Through Vector Velocity Analysis - Silver Tail Systems
kb-reference op Reference - System and Method for Network Security Including Detection of Attacks Through Partner Websites - EMC IP Holding Co LLC
kb-reference op Reference - System and method thereof for identifying and responding to security incidents based on preemptive forensics - Palo Alto Networks Inc
d3fend-id dp "D3-WSAA"
is also defined as
class

Web Session Cookie ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.004

has facts
adds op Session Cookie
produces op Web Network Traffic
is also defined as
class

Web Shell ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.003

has facts
adds op Web Script File
modifies op Web Server
produces op Process
is also defined as
class

Web Socket URL ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebSocketURL

belongs to
URL c

WHOIS Compatible Domain Registration ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WHOISCompatibleDomainRegistration

belongs to
Domain Registration c

Windows Batch File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WindowsBatchFile

belongs to
Executable Script c

Windows Management Instrumentation Event Subscription ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.003

has facts
modifies op Event Log
produces op Intranet Administrative Network Traffic
is also defined as
class

Windows Management Instrumentation Execution ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1047

has facts
may-create op Intranet Administrative Network Traffic
may-invoke op Create Process
is also defined as
class

Windows Process ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WindowsProcess

belongs to
Process c

Windows Service ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.003

has facts
modifies op System Configuration Database
is also defined as
class

Winlogon Helper DLL ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.004

has facts
modifies op System Configuration Database Record
is also defined as
class

Write File ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WriteFile

has facts
modifies op File
is also defined as
class

X86 Code Segment ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#X86CodeSegment

belongs to
Image Code Segment c
Process Code Segment c

XSL Script Processing ni

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1220

has facts
adds op File
interprets op Executable Script
invokes op Create Process
is also defined as
class

Rules

Legend

c: Classes
op: Object Properties
dp: Data Properties
ni: Named Individuals